< prev index next >

src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java

Print this page

        

@@ -36,11 +36,10 @@
 import java.net.SocketAddress;
 import java.net.SocketException;
 import java.net.UnknownHostException;
 import java.nio.ByteBuffer;
 import java.util.List;
-import java.util.concurrent.locks.ReentrantLock;
 import java.util.function.BiFunction;
 import javax.net.ssl.HandshakeCompletedListener;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLHandshakeException;
 import javax.net.ssl.SSLParameters;

@@ -83,13 +82,10 @@
     private String                  peerHost;
     private boolean                 autoClose;
     private boolean                 isConnected = false;
     private volatile boolean        tlsIsClosed = false;
 
-    private final ReentrantLock     socketLock = new ReentrantLock();
-    private final ReentrantLock     handshakeLock = new ReentrantLock();
-
     /*
      * Is the local name service trustworthy?
      *
      * If the local name service is not trustworthy, reverse host name
      * resolution should not be performed for endpoint identification.

@@ -294,61 +290,40 @@
     public String[] getSupportedCipherSuites() {
         return CipherSuite.namesOf(sslContext.getSupportedCipherSuites());
     }
 
     @Override
-    public String[] getEnabledCipherSuites() {
-        socketLock.lock();
-        try {
-            return CipherSuite.namesOf(
-                    conContext.sslConfig.enabledCipherSuites);
-        } finally {
-            socketLock.unlock();
-        }
+    public synchronized String[] getEnabledCipherSuites() {
+        return CipherSuite.namesOf(conContext.sslConfig.enabledCipherSuites);
     }
 
     @Override
-    public void setEnabledCipherSuites(String[] suites) {
-        socketLock.lock();
-        try {
-            conContext.sslConfig.enabledCipherSuites =
-                    CipherSuite.validValuesOf(suites);
-        } finally {
-            socketLock.unlock();
-        }
+    public synchronized void setEnabledCipherSuites(String[] suites) {
+        conContext.sslConfig.enabledCipherSuites =
+                CipherSuite.validValuesOf(suites);
     }
 
     @Override
     public String[] getSupportedProtocols() {
         return ProtocolVersion.toStringArray(
                 sslContext.getSupportedProtocolVersions());
     }
 
     @Override
-    public String[] getEnabledProtocols() {
-        socketLock.lock();
-        try {
-            return ProtocolVersion.toStringArray(
-                    conContext.sslConfig.enabledProtocols);
-        } finally {
-            socketLock.unlock();
-        }
+    public synchronized String[] getEnabledProtocols() {
+        return ProtocolVersion.toStringArray(
+                conContext.sslConfig.enabledProtocols);
     }
 
     @Override
-    public void setEnabledProtocols(String[] protocols) {
+    public synchronized void setEnabledProtocols(String[] protocols) {
         if (protocols == null) {
             throw new IllegalArgumentException("Protocols cannot be null");
         }
 
-        socketLock.lock();
-        try {
-            conContext.sslConfig.enabledProtocols =
-                    ProtocolVersion.namesOf(protocols);
-        } finally {
-            socketLock.unlock();
-        }
+        conContext.sslConfig.enabledProtocols =
+                ProtocolVersion.namesOf(protocols);
     }
 
     @Override
     public SSLSession getSession() {
         try {

@@ -364,48 +339,33 @@
 
         return conContext.conSession;
     }
 
     @Override
-    public SSLSession getHandshakeSession() {
-        socketLock.lock();
-        try {
-            return conContext.handshakeContext == null ?
-                    null : conContext.handshakeContext.handshakeSession;
-        } finally {
-            socketLock.unlock();
-        }
+    public synchronized SSLSession getHandshakeSession() {
+        return conContext.handshakeContext == null ?
+                null : conContext.handshakeContext.handshakeSession;
     }
 
     @Override
-    public void addHandshakeCompletedListener(
+    public synchronized void addHandshakeCompletedListener(
             HandshakeCompletedListener listener) {
         if (listener == null) {
             throw new IllegalArgumentException("listener is null");
         }
 
-        socketLock.lock();
-        try {
-            conContext.sslConfig.addHandshakeCompletedListener(listener);
-        } finally {
-            socketLock.unlock();
-        }
+        conContext.sslConfig.addHandshakeCompletedListener(listener);
     }
 
     @Override
-    public void removeHandshakeCompletedListener(
+    public synchronized void removeHandshakeCompletedListener(
             HandshakeCompletedListener listener) {
         if (listener == null) {
             throw new IllegalArgumentException("listener is null");
         }
 
-        socketLock.lock();
-        try {
-            conContext.sslConfig.removeHandshakeCompletedListener(listener);
-        } finally {
-            socketLock.unlock();
-        }
+        conContext.sslConfig.removeHandshakeCompletedListener(listener);
     }
 
     @Override
     public void startHandshake() throws IOException {
         if (!isConnected) {

@@ -415,12 +375,11 @@
         if (conContext.isBroken || conContext.isInboundClosed() ||
                 conContext.isOutboundClosed()) {
             throw new SocketException("Socket has been closed or broken");
         }
 
-        handshakeLock.lock();
-        try {
+        synchronized (conContext) {     // handshake lock
             // double check the context status
             if (conContext.isBroken || conContext.isInboundClosed() ||
                     conContext.isOutboundClosed()) {
                 throw new SocketException("Socket has been closed or broken");
             }

@@ -439,99 +398,57 @@
                 throw conContext.fatal(Alert.HANDSHAKE_FAILURE,
                     "Couldn't kickstart handshaking", ioe);
             } catch (Exception oe) {    // including RuntimeException
                 handleException(oe);
             }
-        } finally {
-            handshakeLock.unlock();
         }
     }
 
     @Override
-    public void setUseClientMode(boolean mode) {
-        socketLock.lock();
-        try {
-            conContext.setUseClientMode(mode);
-        } finally {
-            socketLock.unlock();
-        }
+    public synchronized void setUseClientMode(boolean mode) {
+        conContext.setUseClientMode(mode);
     }
 
     @Override
-    public boolean getUseClientMode() {
-        socketLock.lock();
-        try {
-            return conContext.sslConfig.isClientMode;
-        } finally {
-            socketLock.unlock();
-        }
+    public synchronized boolean getUseClientMode() {
+        return conContext.sslConfig.isClientMode;
     }
 
     @Override
-    public void setNeedClientAuth(boolean need) {
-        socketLock.lock();
-        try {
-            conContext.sslConfig.clientAuthType =
-                    (need ? ClientAuthType.CLIENT_AUTH_REQUIRED :
-                            ClientAuthType.CLIENT_AUTH_NONE);
-        } finally {
-            socketLock.unlock();
-        }
+    public synchronized void setNeedClientAuth(boolean need) {
+        conContext.sslConfig.clientAuthType =
+                (need ? ClientAuthType.CLIENT_AUTH_REQUIRED :
+                        ClientAuthType.CLIENT_AUTH_NONE);
     }
 
     @Override
-    public boolean getNeedClientAuth() {
-        socketLock.lock();
-        try {
-            return (conContext.sslConfig.clientAuthType ==
+    public synchronized boolean getNeedClientAuth() {
+        return (conContext.sslConfig.clientAuthType ==
                         ClientAuthType.CLIENT_AUTH_REQUIRED);
-        } finally {
-            socketLock.unlock();
-        }
     }
 
     @Override
-    public void setWantClientAuth(boolean want) {
-        socketLock.lock();
-        try {
-            conContext.sslConfig.clientAuthType =
-                    (want ? ClientAuthType.CLIENT_AUTH_REQUESTED :
-                            ClientAuthType.CLIENT_AUTH_NONE);
-        } finally {
-            socketLock.unlock();
-        }
+    public synchronized void setWantClientAuth(boolean want) {
+        conContext.sslConfig.clientAuthType =
+                (want ? ClientAuthType.CLIENT_AUTH_REQUESTED :
+                        ClientAuthType.CLIENT_AUTH_NONE);
     }
 
     @Override
-    public boolean getWantClientAuth() {
-        socketLock.lock();
-        try {
-            return (conContext.sslConfig.clientAuthType ==
+    public synchronized boolean getWantClientAuth() {
+        return (conContext.sslConfig.clientAuthType ==
                         ClientAuthType.CLIENT_AUTH_REQUESTED);
-        } finally {
-            socketLock.unlock();
-        }
     }
 
     @Override
-    public void setEnableSessionCreation(boolean flag) {
-        socketLock.lock();
-        try {
-            conContext.sslConfig.enableSessionCreation = flag;
-        } finally {
-            socketLock.unlock();
-        }
+    public synchronized void setEnableSessionCreation(boolean flag) {
+        conContext.sslConfig.enableSessionCreation = flag;
     }
 
     @Override
-    public boolean getEnableSessionCreation() {
-        socketLock.lock();
-        try {
-            return conContext.sslConfig.enableSessionCreation;
-        } finally {
-            socketLock.unlock();
-        }
+    public synchronized boolean getEnableSessionCreation() {
+        return conContext.sslConfig.enableSessionCreation;
     }
 
     @Override
     public boolean isClosed() {
         return tlsIsClosed;

@@ -616,31 +533,28 @@
             }
         }
 
         // Need a lock here so that the user_canceled alert and the
         // close_notify alert can be delivered together.
-        conContext.outputRecord.recordLock.lock();
         try {
-            try {
+            synchronized (conContext.outputRecord) {
                 // send a user_canceled alert if needed.
                 if (useUserCanceled) {
                     conContext.warning(Alert.USER_CANCELED);
                 }
 
                 // send a close_notify alert
                 conContext.warning(Alert.CLOSE_NOTIFY);
-            } finally {
-                if (!conContext.isOutboundClosed()) {
-                    conContext.outputRecord.close();
-                }
-
-                if ((autoClose || !isLayered()) && !super.isOutputShutdown()) {
-                    super.shutdownOutput();
-                }
             }
         } finally {
-            conContext.outputRecord.recordLock.unlock();
+            if (!conContext.isOutboundClosed()) {
+                conContext.outputRecord.close();
+            }
+
+            if ((autoClose || !isLayered()) && !super.isOutputShutdown()) {
+                super.shutdownOutput();
+            }
         }
 
         if (!isInputShutdown()) {
             bruteForceCloseInput(hasCloseReceipt);
         }

@@ -765,49 +679,41 @@
         return conContext.isOutboundClosed() &&
                 ((autoClose || !isLayered()) ? super.isOutputShutdown(): true);
     }
 
     @Override
-    public InputStream getInputStream() throws IOException {
-        socketLock.lock();
-        try {
-            if (isClosed()) {
-                throw new SocketException("Socket is closed");
-            }
-
-            if (!isConnected) {
-                throw new SocketException("Socket is not connected");
-            }
+    public synchronized InputStream getInputStream() throws IOException {
+        if (isClosed()) {
+            throw new SocketException("Socket is closed");
+        }
 
-            if (conContext.isInboundClosed() || isInputShutdown()) {
-                throw new SocketException("Socket input is already shutdown");
-            }
+        if (!isConnected) {
+            throw new SocketException("Socket is not connected");
+        }
 
-            return appInput;
-        } finally {
-            socketLock.unlock();
+        if (conContext.isInboundClosed() || isInputShutdown()) {
+            throw new SocketException("Socket input is already shutdown");
         }
+
+        return appInput;
     }
 
     private void ensureNegotiated() throws IOException {
         if (conContext.isNegotiated || conContext.isBroken ||
                 conContext.isInboundClosed() || conContext.isOutboundClosed()) {
             return;
         }
 
-        handshakeLock.lock();
-        try {
+        synchronized (conContext) {     // handshake lock
             // double check the context status
             if (conContext.isNegotiated || conContext.isBroken ||
                     conContext.isInboundClosed() ||
                     conContext.isOutboundClosed()) {
                 return;
             }
 
             startHandshake();
-        } finally {
-            handshakeLock.unlock();
         }
     }
 
     /**
      * InputStream for application data as returned by

@@ -821,17 +727,10 @@
         private ByteBuffer buffer;
 
         // Is application data available in the stream?
         private volatile boolean appDataIsAvailable;
 
-        // reading lock
-        private final ReentrantLock readLock = new ReentrantLock();
-
-        // closing status
-        private volatile boolean isClosing;
-        private volatile boolean hasDepleted;
-
         AppInputStream() {
             this.appDataIsAvailable = false;
             this.buffer = ByteBuffer.allocate(4096);
         }
 

@@ -873,11 +772,12 @@
          * If the layer above needs more data, it asks for more, so we
          * are responsible only for blocking to fill at most one buffer,
          * and returning "-1" on non-fault EOF status.
          */
         @Override
-        public int read(byte[] b, int off, int len) throws IOException {
+        public int read(byte[] b, int off, int len)
+                throws IOException {
             if (b == null) {
                 throw new NullPointerException("the target buffer is null");
             } else if (off < 0 || len < 0 || len > b.length - off) {
                 throw new IndexOutOfBoundsException(
                         "buffer length: " + b.length + ", offset; " + off +

@@ -901,44 +801,15 @@
             if (!conContext.isNegotiated ||
                     conContext.isBroken || conContext.isInboundClosed()) {
                 throw new SocketException("Connection or inbound has closed");
             }
 
-            // Check if the input stream has been depleted.
-            //
-            // Note that the "hasDepleted" rather than the isClosing
-            // filed is checked here, in case the closing process is
-            // still in progress.
-            if (hasDepleted) {
-                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
-                    SSLLogger.fine("The input stream has been depleted");
-                }
-
-                return -1;
-            }
-
             // Read the available bytes at first.
             //
             // Note that the receiving and processing of post-handshake message
             // are also synchronized with the read lock.
-            readLock.lock();
-            try {
-                // Double check if the Socket is invalid (error or closed).
-                if (conContext.isBroken || conContext.isInboundClosed()) {
-                    throw new SocketException(
-                            "Connection or inbound has closed");
-                }
-
-                // Double check if the input stream has been depleted.
-                if (hasDepleted) {
-                    if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
-                        SSLLogger.fine("The input stream is closing");
-                    }
-
-                    return -1;
-                }
-
+            synchronized (this) {
                 int remains = available();
                 if (remains > 0) {
                     int howmany = Math.min(remains, len);
                     buffer.get(b, off, howmany);
 

@@ -966,22 +837,10 @@
                     handleException(e);
 
                     // dummy for compiler
                     return -1;
                 }
-            } finally {
-                // Check if the input stream is closing.
-                //
-                // If the deplete() did not hold the lock, clean up the
-                // input stream here.
-                try {
-                    if (isClosing) {
-                        readLockedDeplete();
-                    }
-                } finally {
-                    readLock.unlock();
-                }
             }
         }
 
         /**
          * Skip n bytes.

@@ -989,28 +848,23 @@
          * This implementation is somewhat less efficient than possible, but
          * not badly so (redundant copy).  We reuse the read() code to keep
          * things simpler.
          */
         @Override
-        public long skip(long n) throws IOException {
+        public synchronized long skip(long n) throws IOException {
             // dummy array used to implement skip()
             byte[] skipArray = new byte[256];
-            long skipped = 0;
 
-            readLock.lock();
-            try {
-                while (n > 0) {
-                    int len = (int)Math.min(n, skipArray.length);
-                    int r = read(skipArray, 0, len);
-                    if (r <= 0) {
-                        break;
-                    }
-                    n -= r;
-                    skipped += r;
+            long skipped = 0;
+            while (n > 0) {
+                int len = (int)Math.min(n, skipArray.length);
+                int r = read(skipArray, 0, len);
+                if (r <= 0) {
+                    break;
                 }
-            } finally {
-                readLock.unlock();
+                n -= r;
+                skipped += r;
             }
 
             return skipped;
         }
 

@@ -1019,11 +873,11 @@
             if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                 SSLLogger.finest("Closing input stream");
             }
 
             try {
-                SSLSocketImpl.this.close();
+                shutdownInput(false);
             } catch (IOException ioe) {
                 // ignore the exception
                 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                     SSLLogger.warning("input stream close failed", ioe);
                 }

@@ -1054,77 +908,46 @@
 
         /**
          * Try the best to use up the input records so as to close the
          * socket gracefully, without impact the performance too much.
          */
-        private void deplete() {
-            if (conContext.isInboundClosed() || isClosing) {
-                return;
-            }
-
-            isClosing = true;
-            if (readLock.tryLock()) {
-                try {
-                    readLockedDeplete();
-                } finally {
-                    readLock.unlock();
+        private synchronized void deplete() {
+            if (!conContext.isInboundClosed()) {
+                if (!(conContext.inputRecord instanceof SSLSocketInputRecord)) {
+                    return;
                 }
-            }
-        }
-
-        /**
-         * Try to use up the input records.
-         *
-         * Please don't call this method unless the readLock is held by
-         * the current thread.
-         */
-        private void readLockedDeplete() {
-            // double check
-            if (hasDepleted || conContext.isInboundClosed()) {
-                return;
-            }
-
-            if (!(conContext.inputRecord instanceof SSLSocketInputRecord)) {
-                return;
-            }
 
-            SSLSocketInputRecord socketInputRecord =
-                    (SSLSocketInputRecord)conContext.inputRecord;
-            try {
-                socketInputRecord.deplete(
-                    conContext.isNegotiated && (getSoTimeout() > 0));
-            } catch (Exception ex) {
-                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
-                    SSLLogger.warning(
-                        "input stream close depletion failed", ex);
+                SSLSocketInputRecord socketInputRecord =
+                        (SSLSocketInputRecord)conContext.inputRecord;
+                try {
+                    socketInputRecord.deplete(
+                        conContext.isNegotiated && (getSoTimeout() > 0));
+                } catch (IOException ioe) {
+                    if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+                        SSLLogger.warning(
+                            "input stream close depletion failed", ioe);
+                    }
                 }
-            } finally {
-                hasDepleted = true;
             }
         }
     }
 
     @Override
-    public OutputStream getOutputStream() throws IOException {
-        socketLock.lock();
-        try {
-            if (isClosed()) {
-                throw new SocketException("Socket is closed");
-            }
-
-            if (!isConnected) {
-                throw new SocketException("Socket is not connected");
-            }
+    public synchronized OutputStream getOutputStream() throws IOException {
+        if (isClosed()) {
+            throw new SocketException("Socket is closed");
+        }
 
-            if (conContext.isOutboundDone() || isOutputShutdown()) {
-                throw new SocketException("Socket output is already shutdown");
-            }
+        if (!isConnected) {
+            throw new SocketException("Socket is not connected");
+        }
 
-            return appOutput;
-        } finally {
-            socketLock.unlock();
+        if (conContext.isOutboundDone() || isOutputShutdown()) {
+            throw new SocketException("Socket output is already shutdown");
         }
+
+        return appOutput;
     }
 
 
     /**
      * OutputStream for application data as returned by

@@ -1199,89 +1022,59 @@
             if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                 SSLLogger.finest("Closing output stream");
             }
 
             try {
-                SSLSocketImpl.this.close();
+                shutdownOutput();
             } catch (IOException ioe) {
                 // ignore the exception
                 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                     SSLLogger.warning("output stream close failed", ioe);
                 }
             }
         }
     }
 
     @Override
-    public SSLParameters getSSLParameters() {
-        socketLock.lock();
-        try {
-            return conContext.sslConfig.getSSLParameters();
-        } finally {
-            socketLock.unlock();
-        }
+    public synchronized SSLParameters getSSLParameters() {
+        return conContext.sslConfig.getSSLParameters();
     }
 
     @Override
-    public void setSSLParameters(SSLParameters params) {
-        socketLock.lock();
-        try {
-            conContext.sslConfig.setSSLParameters(params);
+    public synchronized void setSSLParameters(SSLParameters params) {
+        conContext.sslConfig.setSSLParameters(params);
 
-            if (conContext.sslConfig.maximumPacketSize != 0) {
-                conContext.outputRecord.changePacketSize(
-                        conContext.sslConfig.maximumPacketSize);
-            }
-        } finally {
-            socketLock.unlock();
+        if (conContext.sslConfig.maximumPacketSize != 0) {
+            conContext.outputRecord.changePacketSize(
+                    conContext.sslConfig.maximumPacketSize);
         }
     }
 
     @Override
-    public String getApplicationProtocol() {
-        socketLock.lock();
-        try {
-            return conContext.applicationProtocol;
-        } finally {
-            socketLock.unlock();
-        }
+    public synchronized String getApplicationProtocol() {
+        return conContext.applicationProtocol;
     }
 
     @Override
-    public String getHandshakeApplicationProtocol() {
-        socketLock.lock();
-        try {
-            if (conContext.handshakeContext != null) {
-                return conContext.handshakeContext.applicationProtocol;
-            }
-        } finally {
-            socketLock.unlock();
+    public synchronized String getHandshakeApplicationProtocol() {
+        if (conContext.handshakeContext != null) {
+            return conContext.handshakeContext.applicationProtocol;
         }
 
         return null;
     }
 
     @Override
-    public void setHandshakeApplicationProtocolSelector(
+    public synchronized void setHandshakeApplicationProtocolSelector(
             BiFunction<SSLSocket, List<String>, String> selector) {
-        socketLock.lock();
-        try {
-            conContext.sslConfig.socketAPSelector = selector;
-        } finally {
-            socketLock.unlock();
-        }
+        conContext.sslConfig.socketAPSelector = selector;
     }
 
     @Override
-    public BiFunction<SSLSocket, List<String>, String>
+    public synchronized BiFunction<SSLSocket, List<String>, String>
             getHandshakeApplicationProtocolSelector() {
-        socketLock.lock();
-        try {
-            return conContext.sslConfig.socketAPSelector;
-        } finally {
-            socketLock.unlock();
-        }
+        return conContext.sslConfig.socketAPSelector;
     }
 
     /**
      * Read the initial handshake records.
      */

@@ -1347,15 +1140,12 @@
                 buffer = ByteBuffer.allocate(inLen);
             }
 
             try {
                 Plaintext plainText;
-                socketLock.lock();
-                try {
+                synchronized (this) {
                     plainText = decode(buffer);
-                } finally {
-                    socketLock.unlock();
                 }
                 if (plainText.contentType == ContentType.APPLICATION_DATA.id &&
                         buffer.position() > 0) {
                     return buffer;
                 }

@@ -1430,37 +1220,31 @@
     /**
      * Initialize the handshaker and socket streams.
      *
      * Called by connect, the layered constructor, and SSLServerSocket.
      */
-    void doneConnect() throws IOException {
-        socketLock.lock();
-        try {
-            // In server mode, it is not necessary to set host and serverNames.
-            // Otherwise, would require a reverse DNS lookup to get
-            // the hostname.
-            if (peerHost == null || peerHost.isEmpty()) {
-                boolean useNameService =
-                        trustNameService && conContext.sslConfig.isClientMode;
-                useImplicitHost(useNameService);
-            } else {
-                conContext.sslConfig.serverNames =
-                        Utilities.addToSNIServerNameList(
-                                conContext.sslConfig.serverNames, peerHost);
-            }
+    synchronized void doneConnect() throws IOException {
+        // In server mode, it is not necessary to set host and serverNames.
+        // Otherwise, would require a reverse DNS lookup to get the hostname.
+        if (peerHost == null || peerHost.isEmpty()) {
+            boolean useNameService =
+                    trustNameService && conContext.sslConfig.isClientMode;
+            useImplicitHost(useNameService);
+        } else {
+            conContext.sslConfig.serverNames =
+                    Utilities.addToSNIServerNameList(
+                            conContext.sslConfig.serverNames, peerHost);
+        }
 
-            InputStream sockInput = super.getInputStream();
-            conContext.inputRecord.setReceiverStream(sockInput);
+        InputStream sockInput = super.getInputStream();
+        conContext.inputRecord.setReceiverStream(sockInput);
 
-            OutputStream sockOutput = super.getOutputStream();
-            conContext.inputRecord.setDeliverStream(sockOutput);
-            conContext.outputRecord.setDeliverStream(sockOutput);
+        OutputStream sockOutput = super.getOutputStream();
+        conContext.inputRecord.setDeliverStream(sockOutput);
+        conContext.outputRecord.setDeliverStream(sockOutput);
 
-            this.isConnected = true;
-        } finally {
-            socketLock.unlock();
-        }
+        this.isConnected = true;
     }
 
     private void useImplicitHost(boolean useNameService) {
         // Note: If the local name service is not trustworthy, reverse
         // host name resolution should not be performed for endpoint

@@ -1502,20 +1286,15 @@
     // ONLY used by HttpsClient to setup the URI specified hostname
     //
     // Please NOTE that this method MUST be called before calling to
     // SSLSocket.setSSLParameters(). Otherwise, the {@code host} parameter
     // may override SNIHostName in the customized server name indication.
-    public void setHost(String host) {
-        socketLock.lock();
-        try {
-            this.peerHost = host;
-            this.conContext.sslConfig.serverNames =
-                    Utilities.addToSNIServerNameList(
-                            conContext.sslConfig.serverNames, host);
-        } finally {
-            socketLock.unlock();
-        }
+    public synchronized void setHost(String host) {
+        this.peerHost = host;
+        this.conContext.sslConfig.serverNames =
+                Utilities.addToSNIServerNameList(
+                        conContext.sslConfig.serverNames, host);
     }
 
     /**
      * Handle an exception.
      *
< prev index next >