From d075893cbc254bf52fdf9bdbc4e45be9a58f4a9d Mon Sep 17 00:00:00 2001
From: Reda Chouk
Date: Wed, 5 Feb 2025 15:15:41 +0100
Subject: [PATCH] wolfjsse: auto-enable SNI for HttpsURLConnection

Enable SNI automatically when detecting HttpsURLConnection's unique initialization pattern, fixing ImpactOnSNI test while preserving default SNI behavior for SSL sockets.
---
 .../provider/jsse/WolfSSLEngineHelper.java | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
index 187ca23..099cb75 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
@@ -890,7 +890,23 @@ public class WolfSSLEngineHelper {
 * This allows users to enable legacy hostname-based SNI behavior
 * through java.security configuration rather than JVM arguments. */
 boolean autoSNI = "true".equalsIgnoreCase(
- Security.getProperty("wolfjsse.autoSNI"));
+ Security.getProperty("wolfjsse.autoSNI"));
+
+ /* Detect HttpsURLConnection usage by checking:
+ * - Client mode is set (client-side connection)
+ * - Has hostname from URL
+ * - Has peer address from socket
+ * - No explicit SNI configuration
+ * This pattern is unique to HttpsURLConnection initialization
+ */
+ boolean isHttpsConnection = this.clientMode &&
+ this.hostname != null &&
+ this.peerAddr != null &&
+ this.params.getServerNames() == null;
+
+ /* Enable SNI if explicitly requested via property or if
+ * HttpsURLConnection is detected */
+ autoSNI = autoSNI || isHttpsConnection;

 if (!enableSNI) {
 WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
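Review bot: The `isHttpsConnection` test is a heuristic over four fields, not an identification of HttpsURLConnection, so any client-mode socket or engine that ends up with `hostname` and `peerAddr` set and no `SSLParameters` server names will now send the hostname in the cleartext ClientHello even though `wolfjsse.autoSNI` is unset. That widens the default for callers who relied on the property to keep SNI off, which the commit message says is preserved. I would rename the flag to something like `looksLikeHttpsUrlConnection`, reword the comment's last line to `* Heuristic: other client sockets created with a host name may match too`, and add a `WolfSSLDebug.log` line when the heuristic rather than the property turns SNI on. The enclosing method starts and ends outside the hunk, so it is worth confirming there that `jsse.enableSNIExtension=false` still overrides the heuristic and that an IP-literal `hostname` is never sent as a server name.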