| 6d2a17ab04ab0967e3bff7fe6280066ef66d1d76 |
|
11-Jun-2012 |
Geremy Condra <gcondra@google.com> |
Added basic cert pinning support.
This has four main changes:
First, it adds a CertPinManager to TrustManagerImpl that checks to
ensure that the chain is properly pinned.
Second, it adds the CertPinManager and associated classes to
implement cert pinning at this level.
Third, it changes the callers of checkServerTrusted to pass in a
hostname where possible, allowing them to make use of the pinning
transparently.
Finally, it changes checkServerTrusted to return the ultimate
chain that was verified, which is useful for implementing pinning
at a higher level.
cherry-picked from 5315f29b2de4aace0077b78f0b99634fda440b85
Change-Id: I150e010da3e2aeed57bd5330ff113d3a7fbbee2a
|