6d2a17ab04ab0967e3bff7fe6280066ef66d1d76 |
|
11-Jun-2012 |
Geremy Condra <gcondra@google.com> |
Added basic cert pinning support. This has four main changes: First, it adds a CertPinManager to TrustManagerImpl that checks to ensure that the chain is properly pinned. Second, it adds the CertPinManager and associated classes to implement cert pinning at this level. Third, it changes the callers of checkServerTrusted to pass in a hostname where possible, allowing them to make use of the pinning transparently. Finally, it changes checkServerTrusted to return the ultimate chain that was verified, which is useful for implementing pinning at a higher level. cherry-picked from 5315f29b2de4aace0077b78f0b99634fda440b85 Change-Id: I150e010da3e2aeed57bd5330ff113d3a7fbbee2a
|