/**
* Attempt to make an HTTPS connection.
*
* @param tlsTolerant If true, assume server can handle common TLS extensions and SSL deflate
* compression. If false, use an SSL3 only fallback mode without compression.
*/
private void makeSslConnection(boolean tlsTolerant) throws IOException {
// Get a connection. This may return a pooled connection!
if (connection == null) {
connection = openSocketConnection();
}
sslSocket = connection.getSecureSocketIfConnected();
// If the TLS connection is ready, use it.
if (sslSocket != null) {
return;
}
// The TLS connection isn't ready. Build a tunnel if necessary and then handshake.
if (connection.getAddress().requiresTunnel()) {
makeTunnel(policy, connection, getRequestHeaders());
}
sslSocket =
connection.setupSecureSocket(
enclosing.getSSLSocketFactory(), enclosing.getHostnameVerifier(), tlsTolerant);
}
/**
* Attempt to make an https connection. Returns true if a connection was reused, false
* otherwise.
*
* @param tlsTolerant If true, assume server can handle common TLS extensions and SSL deflate
* compression. If false, use an SSL3 only fallback mode without compression.
*/
private boolean makeSslConnection(boolean tlsTolerant) throws IOException {
// make an SSL Tunnel on the first message pair of each SSL + proxy connection
if (connection == null) {
connection = openSocketConnection();
if (connection.getAddress().getProxy() != null) {
makeTunnel(policy, connection, getRequestHeaders());
}
}
// if super.makeConnection returned a connection from the
// pool, sslSocket needs to be initialized here. If it is
// a new connection, it will be initialized by
// getSecureSocket below.
sslSocket = connection.getSecureSocketIfConnected();
// we already have an SSL connection,
if (sslSocket != null) {
return true;
}
connection.setupSecureSocket(enclosing.getSSLSocketFactory(), tlsTolerant);
return false;
}
@Override
protected void connect() throws IOException {
// first try an SSL connection with compression and
// various TLS extensions enabled, if it fails (and its
// not unheard of that it will) fallback to a more
// barebones connections
boolean connectionReused;
try {
connectionReused = makeSslConnection(true);
} catch (IOException e) {
// If the problem was a CertificateException from the X509TrustManager,
// do not retry, we didn't have an abrupt server initiated exception.
if (e instanceof SSLHandshakeException && e.getCause() instanceof CertificateException) {
throw e;
}
release(false);
connectionReused = makeSslConnection(false);
}
if (!connectionReused) {
sslSocket = connection.verifySecureSocketHostname(enclosing.getHostnameVerifier());
}
}
@Override
protected SSLSocketFactory getSslSocketFactory() {
return enclosing.getSSLSocketFactory();
}