f7ab2bc37debba91864bfec6572a3e7bbe994c58 |
|
06-May-2015 |
Piotr Jastrzebski <haaawk@google.com> |
Use OpenJdk implementation of java.net.* - Add FileURLConnection. - NetworkUtilities : Update field names in JNI. - Suppress a few libcore tests that rely on internal implementation details. - Remove code that loads the net library (not needed on android). - DatagramSocket : Add setNetworkInterface method. - HttpCookie : make parse & field public - Inet4Address / Inet6Address : Add getAddressInternal. - InetAddress : Add methods required by frameworks/base, particularly those required to deal with net-ids and scope ids. - URI : Add UriCodec static members for AUTHORITY_ENCODER and friends. - URL : Add toUriLenient - URLStreamHandler : Add a toExternalForm variant that optionally escapes illegal chars. - Inet4AddressImpl.c : Unconditionally define HAS_GLIBC_GETHOSTBY_R Change-Id: Ic51f863941f5d954ed6cf86309cc610e711d54bd
|
c406d4ab6f64ea281ed33bebde86fc8defd0c64d |
|
22-Jul-2015 |
Daniel Xie <dxie@google.com> |
DO NOT MERGE ANYWHERE: reverting 18432707 to kitkat-cts-dev due to missing CVE Change-Id: I5688b4a658cef3b0822bfd9fc9ac0631abf6d733
|
f4ce5a45f9e047bb73b84d17606a93540b686650 |
|
21-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
Modernize requirements for platform-default HostnameVerifier. This brings the requirements for platform-default HostnameVerifier up to date with the intersection of RFC 2818 and Baseline Requirements. The changes are: * Absolute domain names are fully supported. All presented hostnames are treated as absolute domain names. All domain names in server certificates are treated as absolute domain names as well. * Wildcard character (*) is permitted only in the left-most domain name label and must be the only character in that label. For example, *.example.com is permitted, while *a.example.com, a*.example.com, a*b.example.com, a.*.example.com are not permitted. * Wildcard character (*) must match exactly one domain name label. For example, *.example.com matches www.example.com, but does not match example.com or www.test.example.com. * Wildcard pattern cannot mach single-label domain names: * and *. patterns are rejected. * Wildcard character (*) is not supported in presented host names. Bug: 17482685 Bug: 17548724 Bug: 17552202 Bug: 17715547 Change-Id: I1c2b37847c9ba27d70da6c11a13c9bb3880d38c1
|
688508959f192d1b678e00f860faf3c52d20f96c |
|
24-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
CTS tests for the platform-default HostnameVerifier. This repurposes tests for DefaultHostnameVerifier class to test the platform-default HostnameVerifier (as provided by HttpsURLConnection.getDefaultHostnameVerifier()). This is to ensure that its contract remains stable and tested, regardless of which implementation is used by default. Bug: 18481199 Change-Id: Iaaf2f2274f8412eca2544d1e62c2523028914e07
|
77a7e48ac80c5bb9ac4d9b6bfdecf31d46b09fd1 |
|
19-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
Fix a bug in DefaultHostnameVerifier wildcard handling. Wildcard domain name patterns of the form *.remainder are supposed to match domain names that exactly match the remainder. Due to a bug, the match was not exact but rather a prefix match: domain names starting with the remainder would match too. This CL fixes the issue. (cherry picked from commit eecc5b7cf59b1b03ab030d01cc2c4875c8287336) Bug: 18432707 Change-Id: I3b7715adf7a66e57fafe2a0218a73f4ff2dd4182
|
eecc5b7cf59b1b03ab030d01cc2c4875c8287336 |
|
19-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
Fix a bug in DefaultHostnameVerifier wildcard handling. Wildcard domain name patterns of the form *.remainder are supposed to match domain names that exactly match the remainder. Due to a bug, the match was not exact but rather a prefix match: domain names starting with the remainder would match too. This CL fixes the issue. Bug: 18432707 Change-Id: Ic2fccbfeac4f5d6e71b49ecbd36c248214baebad
|
fc3d4de60de1465b8826cbdf2fc4b894bb3054d7 |
|
18-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
Fix DefaultHostnameVerifierTest failure. The failure was caused by me forgetting to update the tests when merging in 14d4830f4048657722cbec1c4aaa8747a07c9495 which makes DefaultHostnameVerifier reject wildcard domain name patterns consisting of fewer than two labels (excluding root). Bug: 17552202 Change-Id: Ibd1928621dbffb43830ff9d014eb1e3c50232172
|
14d4830f4048657722cbec1c4aaa8747a07c9495 |
|
17-Sep-2014 |
Alex Klyubin <klyubin@google.com> |
Reject wildcard certs for single-label domain names. Rejecting wildcard certs for two- (e.g., *.com) or three-label (e.g., *.co.uk) domain name patterns requires having a frequently updated Prefix Suffix List. Bug: 17552202 Change-Id: Iecd1dc8e22a51f4d779821094c5f55b310171a74
|
9be69a95272f93d7daa19053c61fae7c3d8ff30d |
|
17-Sep-2014 |
Alex Klyubin <klyubin@google.com> |
Enable hostname verification for absolute hostnames. This makes the DefaultHostnameVerifier (the platform default HostnameVerifier) match relative hostname patterns from CN and DNS SubjectAltNames fields of TLS/SSL server certificates against absolute hostnames. Absolute hostname patterns will still never match relative hostnames because it is not known to what absolute name a relative name was resolved by DNS. For example, if hostname is "www.android.com." and server certificate is for "www.android.com", hostname verification will now pass. Whereas, if hostname is "www.android.com" and server certificate is for "www.android.com.", hostname verification will still fail. All of this is needed because server certificates do not normally contain absolute hostnames or hostname patterns. At the same time, connections via absolute hostnames should be supported and even preferred in most cases, to avoid DNS search suffixes being added. Bug: 17482685 Change-Id: I3f2006fa1110004b18ce627675334d2a54805c7a
|
2a6f23ff8690ac2f025588a360547ce96cde0943 |
|
29-Jun-2013 |
Elliott Hughes <enh@google.com> |
Add java.nio.charsets.StandardCharsets. Bug: 3484927 Change-Id: I5820267491b850b8fcc696fa48962710de123009
|
1331404bf45cb2f220ee9aa2c0c108ce59453a74 |
|
21-Dec-2012 |
Brian Carlstrom <bdc@google.com> |
Should favor last CN when working with distinguished names Bug: 7894348 Bug: http://code.google.com/p/android/issues/detail?id=41662 Change-Id: I3814d653b628f6af12ce1ba59b39b1c7cc45e124
|
57d73e33dc039f6fff06db52106a358192868060 |
|
27-Dec-2011 |
Jesse Wilson <jessewilson@google.com> |
Move the frameworks/base hostname verifier into libcore. Part 1/2 This replaces our libcore's DefaultHostnameVerifier. The frameworks/base verifier is better exercised because it's used by the browser. The libcore one includes a few dubious behaviors: parsing toString() and non-standard TLD validation. Behavior changes in libcore: - A wildcard cert like *.co.uk would be honored. This would require a rogue CA. We had a comment documenting that other SSL clients don't do this. - Wildcards in substrings like "f*.android.com" are now supported. - Wildcards match without a child domain: "*.android.com" will match "android.com". - If an alt name is present, the CN is not used. - subject alt name IP addresses are supported. This also moves the tests into libcore. Bug: http://b/5619726 Change-Id: Ia952c33f8009ee3c5ed5935ae5f74b6093b1b8e0
|