Work-around for HTTPCLIENT-1051

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/branches/4.1.x@1152372 13f79535-47bb-0310-9956-ffa450edef68

RELEASE_NOTES.txt

@@ -33,6 +33,8 @@ since release 4.1.1.
   do not correctly handle content streaming.
   Contributed by James Abley <james.abley at gmail.com> 
 
+* [HTTPCLIENT-1051] Avoid reverse DNS lookups when opening SSL connections by IP address.
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
 
 Release 4.1.1
 -------------------

httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java

@@ -376,17 +376,25 @@ public Socket connectSocket(
         } catch (SocketTimeoutException ex) {
             throw new ConnectTimeoutException("Connect to " + remoteAddress + " timed out");
         }
+
+        // HttpInetSocketAddress#toString() returns original hostname value of the remote address
+        String hostname = remoteAddress.toString();
+        int port = remoteAddress.getPort();
+        String s = ":" + port;
+        if (hostname.endsWith(s)) {
+            hostname = hostname.substring(0, hostname.length() - s.length());
+        }
+
         SSLSocket sslsock;
         // Setup SSL layering if necessary
         if (sock instanceof SSLSocket) {
             sslsock = (SSLSocket) sock;
         } else {
-            sslsock = (SSLSocket) this.socketfactory.createSocket(
-                    sock, remoteAddress.getHostName(), remoteAddress.getPort(), true);
+            sslsock = (SSLSocket) this.socketfactory.createSocket(sock, hostname, port, true);
         }
         if (this.hostnameVerifier != null) {
             try {
-                this.hostnameVerifier.verify(remoteAddress.getHostName(), sslsock);
+                this.hostnameVerifier.verify(hostname, sslsock);
                 // verifyHostName() didn't blowup - good!
             } catch (IOException iox) {
                 // close the socket before re-throwing the exception