| f743e54f2d761c742d99ac868705818616dcf74f |
|
15-Sep-2012 |
Geremy Condra <gcondra@google.com> |
Change verifyServerDomainAndCertificates to pass in a hostname.
This is required for cert pinning.
Change-Id: I16041f17e97d9ae592a2b809f6a8164268338d1b
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 866666071bc49bd0c4fcd1776c9d9036d4e29fec |
|
08-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
Tracking changes to SSLParametersImpl.getDefaultTrustManager()
Change-Id: I0bcf2bbcd2581f6b66e08d1c6f0de24bf8d34199
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 93ba4fedebb78ba47c24e8472c8960ea8fdc933a |
|
14-Feb-2012 |
Selim Gurun <sgurun@google.com> |
Act on credential storage updates.
Bug: 6009802
Cherry pick fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1
Listen to credential storage updates and clean state when necessary.
Change-Id: I2c63e6771e9373da8b39781fdcf3d21583c4e3b2
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 43e41580e4c700e970cc5e62180a767ab424da6d |
|
16-Feb-2012 |
Selim Gurun <sgurun@google.com> |
Revert "Act on credential storage updates."
This reverts commit fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1 |
|
14-Feb-2012 |
Selim Gurun <sgurun@google.com> |
Act on credential storage updates.
Bug: 6009802
Listen to credential storage updates and clean state when necessary.
Change-Id: I48f2e7d6e036882c2b4a29fbd357ca018fd4e4c7
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 52cd299eef703030f8fcf7a92f413791301771cc |
|
27-Dec-2011 |
Jesse Wilson <jessewilson@google.com> |
Move the frameworks/base hostname verifier into libcore. Part 2/2
Bug: http://b/5619726
Change-Id: I165eb3befcef104ff56ffb466c87c60b632f3194
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 8234bdb36a951c1265b2bc702c06bab09509a615 |
|
09-Nov-2010 |
Huahui Wu <hwu@google.com> |
b/2864818 use authType for cert verification.
Change-Id: I2a3cb963165a7e2e4e72a1d398205b31f769cafa
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 85ffa26f67efad30912e1561b5123b6f8f5827ee |
|
08-Nov-2010 |
Huahui Wu <hwu@google.com> |
Expose the cert validator to JNI.
Change-Id: Ie31919e762b1f528b319c251ccfd891dd7738544
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 02ca44b13c7aa66f99242dbcb07feac877153754 |
|
22-Oct-2010 |
Brian Carlstrom <bdc@google.com> |
Move improved cert chain handling from CertificateChainValidator to TrustManagerImpl
Bug: 2658463
Change-Id: Iaf27e6b37ad4ad3951ecccc17eab64049bbfaac0
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| b3f23da320991dd078b6cc55c719201cd8d7eb1c |
|
15-Sep-2010 |
Brian Carlstrom <bdc@google.com> |
am e68f8b7e: am 405d4db5: Rename internal SSLParameters to SSLParametersImpl to avoid collision with new javax.net.ssl.SSLParameters
Merge commit 'e68f8b7ebe898ec06d7a156964d498e3d0a2e6c0'
* commit 'e68f8b7ebe898ec06d7a156964d498e3d0a2e6c0':
Rename internal SSLParameters to SSLParametersImpl to avoid collision with new javax.net.ssl.SSLParameters
|
| 405d4db50b3db1fc5e015475218e190d193332d4 |
|
14-Sep-2010 |
Brian Carlstrom <bdc@google.com> |
Rename internal SSLParameters to SSLParametersImpl to avoid collision with new javax.net.ssl.SSLParameters
Bug: 2672817
Change-Id: Ibe20830f024f76232f3628cfca922d49a5a06bef
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| e103355d9332e2fab9d5c408e824ac8ab3b915a7 |
|
05-May-2010 |
Brian Carlstrom <bdc@google.com> |
Remove explicit SSLSocket.startHandshake
When dalvik-dev merges to master, startHandshake will imply that
the caller wants a fully synchronous handshake instead of using
handshake cutthrough. This removes an unnecessary startHandshake
from the CertificateChainValidator.
core/java/android/net/http/CertificateChainValidator.java
Change-Id: Ie28abd961a06b28fa780d62b0063371ef4dc1eec
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 2269d1572e5fcfb725ea55f5764d8c3280d69f6d |
|
25-Feb-2010 |
Dianne Hackborn <hackbod@google.com> |
Re-arrange android-common so framework no longer links with it.
This is the framework part, moving classes around so the framework
no longer needs to link to android-common. Makes some APIs public,
others that didn't need to be public are private in the framework,
some small things are copied.
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| c4e834dc47885c8dbd3a2911ce4b9fccde21c800 |
|
08-Jan-2010 |
Huahui Wu <hwu@google.com> |
Rebuild a cleaner certificates chain before validating it.
This change cleans the server certificates:
1. Use the end-entity certificate as found in the chain received from the server as the end-entity cert for the newly built chain.
2. Look at the last cert in the newly built chain, specifically it's "issuer" field. If there's a cert in the chain as received with this as the "subject", and this cert hasn't yet been moved into the newly built chain, move it there (as the new last cert). Repeat this step 2 until you can't continue (because there's no matching previously unused cert left).
3. If the last certificate in the new chain has expired (and it's not the end-entity cert), remember this fact, and remove it (so that we can try if we can validating the chain for a different root). If in this case it turns out that we still can't validate the chain, it's probably the cert expiry error that should be displayed.
This CL also cleans the redundant error detection code and reduces the error messages to two types, which are the only two make differences to the user:
a. SSL_IDMISMATCH for name mismatch,
b. SSL_UNTRUSTED for other reasons.
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 8f028a94fc533e75077485a7d11a04e4de820335 |
|
08-Jan-2010 |
Makoto Onuki <omakoto@google.com> |
Moved DomainNameChecker to android common.
- Moved DomainNameChecker from android.net.http to android common, and renamed to DomainNameValidator.
- Added a simplified version of DNParser, which DomainNameValidator uses instead of X509Name in order to extract Subject Name from a certificate.
- Added unit tests for DomainNameChecker and DNParser.
There's a suspicious comment in DomainNameChecker saying something like "X509Certificate fails to parse a certificate when a subject alt name begins with '*'". I think we should fix it if it's really the case -- otherwise certificates with the wildcard wouldn't work. I'll see if it's true after submitting this patch.
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| e97c2006bf7c391c933307e520a392e532aa5d6a |
|
21-Aug-2009 |
Bob Lee <crazybob@google.com> |
Updated Browser and MCS to use shared default trust manager instead of initializing their own copies.
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 886f3d69b79748fe937725e33b8bbb3d67ab82c7 |
|
25-Mar-2009 |
Bob Lee <> |
Automated import from //branches/donutburger/...@141355,141355
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 9066cfe9886ac131c34d59ed0e2d287b0e3c0087 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| d83a98f4ce9cfa908f5c54bbd70f03eec07e7553 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 076357b8567458d4b6dfdcf839ef751634cd2bfb |
|
03-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@132589
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 3dec7d563a2f3e1eb967ce2054a00b6620e3558c |
|
03-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@137055
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 54b6cfa9a9e5b861a9930af873580d6dc20f773c |
|
21-Oct-2008 |
The Android Open Source Project <initial-contribution@android.com> |
Initial Contribution
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|