Code example for SSLException

0
     * so "foo.bar.example.com" is verified if the peer has a certificate 
     * for "*.example.com". 
     * 
     * @param socket An SSL socket which has been connected to a server 
     * @param hostname The expected hostname of the remote server 
     * @throws IOException if something goes wrong handshaking with the server 
     * @throws SSLPeerUnverifiedException if the server cannot prove its identity 
      */ 
    private void verifyHostname(Socket socket, String hostname) throws IOException {
        // The code at the start of OpenSSLSocketImpl.startHandshake() 
        // ensures that the call is idempotent, so we can safely call it. 
        SSLSocket ssl = (SSLSocket) socket;
        ssl.startHandshake();
 
        SSLSession session = ssl.getSession();
        if (session == null) {
            throw new SSLException("Cannot verify SSL socket without session");
        } 
        // TODO: Instead of reporting the name of the server we think we're connecting to, 
        // we should be reporting the bad name in the certificate.  Unfortunately this is buried 
        // in the verifier code and is not available in the verifier API, and extracting the