| 57d73e33dc039f6fff06db52106a358192868060 |
|
27-Dec-2011 |
Jesse Wilson <jessewilson@google.com> |
Move the frameworks/base hostname verifier into libcore. Part 1/2
This replaces our libcore's DefaultHostnameVerifier.
The frameworks/base verifier is better exercised because it's used by
the browser. The libcore one includes a few dubious behaviors: parsing
toString() and non-standard TLD validation.
Behavior changes in libcore:
- A wildcard cert like *.co.uk would be honored. This would require
a rogue CA. We had a comment documenting that other SSL clients don't
do this.
- Wildcards in substrings like "f*.android.com" are now supported.
- Wildcards match without a child domain: "*.android.com" will match
"android.com".
- If an alt name is present, the CN is not used.
- subject alt name IP addresses are supported.
This also moves the tests into libcore.
Bug: http://b/5619726
Change-Id: Ia952c33f8009ee3c5ed5935ae5f74b6093b1b8e0
|