57d73e33dc039f6fff06db52106a358192868060 |
|
27-Dec-2011 |
Jesse Wilson <jessewilson@google.com> |
Move the frameworks/base hostname verifier into libcore. Part 1/2 This replaces our libcore's DefaultHostnameVerifier. The frameworks/base verifier is better exercised because it's used by the browser. The libcore one includes a few dubious behaviors: parsing toString() and non-standard TLD validation. Behavior changes in libcore: - A wildcard cert like *.co.uk would be honored. This would require a rogue CA. We had a comment documenting that other SSL clients don't do this. - Wildcards in substrings like "f*.android.com" are now supported. - Wildcards match without a child domain: "*.android.com" will match "android.com". - If an alt name is present, the CN is not used. - subject alt name IP addresses are supported. This also moves the tests into libcore. Bug: http://b/5619726 Change-Id: Ia952c33f8009ee3c5ed5935ae5f74b6093b1b8e0
|