9473606aca0af1a6410b2ea396c8a6609cf16940 |
|
20-Sep-2012 |
Geremy Condra <gcondra@google.com> |
Add cached trust anchors to the chain prior to checking pinning. This avoids an issue where intermediate certs are assumed cached rather than provided by the server. Bug: 7195828 Change-Id: I44e033ddc40a7a259bac888bf2b873d9bb81becc
|
924af71bb26b7c35f702de9a3425109c73184a53 |
|
19-Sep-2012 |
Geremy Condra <gcondra@google.com> |
Restructure logging to ease the transition to dropbox. Bug: 7190096 Change-Id: Ib16bcd47712890fd627027ebacacc511870b31b0
|
6d2a17ab04ab0967e3bff7fe6280066ef66d1d76 |
|
11-Jun-2012 |
Geremy Condra <gcondra@google.com> |
Added basic cert pinning support. This has four main changes: First, it adds a CertPinManager to TrustManagerImpl that checks to ensure that the chain is properly pinned. Second, it adds the CertPinManager and associated classes to implement cert pinning at this level. Third, it changes the callers of checkServerTrusted to pass in a hostname where possible, allowing them to make use of the pinning transparently. Finally, it changes checkServerTrusted to return the ultimate chain that was verified, which is useful for implementing pinning at a higher level. cherry-picked from 5315f29b2de4aace0077b78f0b99634fda440b85 Change-Id: I150e010da3e2aeed57bd5330ff113d3a7fbbee2a
|
c77290eaef032e5e8952d65e0456b091b6b50804 |
|
20-May-2011 |
Brian Carlstrom <bdc@google.com> |
Remove IndexedPKIXParameters Change-Id: Idaaa1952d1b6148c51b3da5d1771105e8bde8a03
|