| 9473606aca0af1a6410b2ea396c8a6609cf16940 |
|
20-Sep-2012 |
Geremy Condra <gcondra@google.com> |
Add cached trust anchors to the chain prior to checking pinning.
This avoids an issue where intermediate certs are assumed cached
rather than provided by the server.
Bug: 7195828
Change-Id: I44e033ddc40a7a259bac888bf2b873d9bb81becc
|
| 924af71bb26b7c35f702de9a3425109c73184a53 |
|
19-Sep-2012 |
Geremy Condra <gcondra@google.com> |
Restructure logging to ease the transition to dropbox.
Bug: 7190096
Change-Id: Ib16bcd47712890fd627027ebacacc511870b31b0
|
| 6d2a17ab04ab0967e3bff7fe6280066ef66d1d76 |
|
11-Jun-2012 |
Geremy Condra <gcondra@google.com> |
Added basic cert pinning support.
This has four main changes:
First, it adds a CertPinManager to TrustManagerImpl that checks to
ensure that the chain is properly pinned.
Second, it adds the CertPinManager and associated classes to
implement cert pinning at this level.
Third, it changes the callers of checkServerTrusted to pass in a
hostname where possible, allowing them to make use of the pinning
transparently.
Finally, it changes checkServerTrusted to return the ultimate
chain that was verified, which is useful for implementing pinning
at a higher level.
cherry-picked from 5315f29b2de4aace0077b78f0b99634fda440b85
Change-Id: I150e010da3e2aeed57bd5330ff113d3a7fbbee2a
|
| c77290eaef032e5e8952d65e0456b091b6b50804 |
|
20-May-2011 |
Brian Carlstrom <bdc@google.com> |
Remove IndexedPKIXParameters
Change-Id: Idaaa1952d1b6148c51b3da5d1771105e8bde8a03
|