Clinton Foster wrote:
DefaultSsl.createSocket(String, Socket, boolean) calls
SSLSocketFactory.createSocket(sock, host, port, true) to layer an SSL socket
around an already-connected socket. I notice the code is passing in the
remote host for the host parameter, and the *local* port for the port
parameter. Sun's Javadoc isn't much help describing what those parameters
are for. They don't make a lot of sense, given that the socket being wrapped
must be connected already. I decompiled some of Sun's code, and it looks as
if the port might not be used.
The code works, so I'm not complaining about that. I just wondered about the
discrepancy between local and remote in those two parameters.
I had a look at the code and read some in Java Network Programming and
got to say that I don't think we're doing the correct thing in using the
local port. The SSL socket is being wrapped by the cleartext one and is
normally used with proxies. The host and port should be those of the
final destination. In our case that's the same as the original one.
Funny that it seems to work anyhow.
What do you all think, is the correct thing to change this behavior?
/niklas
