6d2a17ab04ab0967e3bff7fe6280066ef66d1d76 |
|
11-Jun-2012 |
Geremy Condra <gcondra@google.com> |
Added basic cert pinning support. This has four main changes: First, it adds a CertPinManager to TrustManagerImpl that checks to ensure that the chain is properly pinned. Second, it adds the CertPinManager and associated classes to implement cert pinning at this level. Third, it changes the callers of checkServerTrusted to pass in a hostname where possible, allowing them to make use of the pinning transparently. Finally, it changes checkServerTrusted to return the ultimate chain that was verified, which is useful for implementing pinning at a higher level. cherry-picked from 5315f29b2de4aace0077b78f0b99634fda440b85 Change-Id: I150e010da3e2aeed57bd5330ff113d3a7fbbee2a
|
5315f29b2de4aace0077b78f0b99634fda440b85 |
|
11-Jun-2012 |
Geremy Condra <gcondra@google.com> |
Added basic cert pinning support. This has four main changes: First, it adds a CertPinManager to TrustManagerImpl that checks to ensure that the chain is properly pinned. Second, it adds the CertPinManager and associated classes to implement cert pinning at this level. Third, it changes the callers of checkServerTrusted to pass in a hostname where possible, allowing them to make use of the pinning transparently. Finally, it changes checkServerTrusted to return the ultimate chain that was verified, which is useful for implementing pinning at a higher level. Change-Id: I150e010da3e2aeed57bd5330ff113d3a7fbbee2a
|
3267a46b52d848e1e9e20c226512688f0c50d4c3 |
|
25-Aug-2011 |
Jeff Sharkey <jsharkey@android.com> |
Return real FileDescriptor in Socket wrappers. In classes that wrap another Socket, return the real FileDescriptor from the wrapped Socket. Bug: 5189186 Change-Id: I157feb6991def9110eaf0ea82365b6f5b95b9372
|
6812a2e8bb43d9a875633a9ba255d9882c63e327 |
|
14-Sep-2010 |
Brian Carlstrom <bdc@google.com> |
Rename internal SSLParameters to SSLParametersImpl to avoid collision with new javax.net.ssl.SSLParameters Bug: 2672817 Change-Id: Iadf21b848eaf8850fce22721b9ba3739ab2e9fca
|
7329fa972d9c20777444e5e1b13169d700de6567 |
|
29-Jun-2010 |
Brian Carlstrom <bdc@google.com> |
Fixes to support new dalvik.googlecode.com benchmarks The following new benchmarks where tested with the below changes: - DigestBenchmark - MessageDigestBenchmark - SSLSocketBenchmark - SignatureBenchmark Fix package name of OpenSSLProvider luni/src/main/java/java/security/security.properties Restore Java (vs OpenSSL) SSLSocket wrappers on SSLEngine for benchmarking luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketFactoryImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketFactoryImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketInputStream.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketOutputStream.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketWrapper.java Restore HandshakeProtocol.socketOwner code for SSLSocket to function luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java Remove unneeded OpenSSLMessageDigestJDK.getInstance since these are registered via OpenSSLProvider and SHA224 which is not part of the RI. We had already removed the BouncyCastle version of this. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLMessageDigestJDK.java luni/src/test/java/tests/targets/security/AllTests.java luni/src/test/java/tests/targets/security/MessageDigestTestSHA224.java luni/src/test/java/tests/targets/security/SignatureTestSHA224withRSA.java Change-Id: I7daae7f0d9f50acad6df9157eac1b0133af83062
|