| f7ab2bc37debba91864bfec6572a3e7bbe994c58 |
|
06-May-2015 |
Piotr Jastrzebski <haaawk@google.com> |
Use OpenJdk implementation of java.net.*
- Add FileURLConnection.
- NetworkUtilities : Update field names in JNI.
- Suppress a few libcore tests that rely on internal implementation
details.
- Remove code that loads the net library (not needed on android).
- DatagramSocket : Add setNetworkInterface method.
- HttpCookie : make parse & field public
- Inet4Address / Inet6Address : Add getAddressInternal.
- InetAddress : Add methods required by frameworks/base, particularly
those required to deal with net-ids and scope ids.
- URI : Add UriCodec static members for AUTHORITY_ENCODER and friends.
- URL : Add toUriLenient
- URLStreamHandler : Add a toExternalForm variant that optionally
escapes illegal chars.
- Inet4AddressImpl.c : Unconditionally define HAS_GLIBC_GETHOSTBY_R
Change-Id: Ic51f863941f5d954ed6cf86309cc610e711d54bd
|
| c406d4ab6f64ea281ed33bebde86fc8defd0c64d |
|
22-Jul-2015 |
Daniel Xie <dxie@google.com> |
DO NOT MERGE ANYWHERE: reverting 18432707 to kitkat-cts-dev due
to missing CVE
Change-Id: I5688b4a658cef3b0822bfd9fc9ac0631abf6d733
|
| f4ce5a45f9e047bb73b84d17606a93540b686650 |
|
21-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
Modernize requirements for platform-default HostnameVerifier.
This brings the requirements for platform-default HostnameVerifier up
to date with the intersection of RFC 2818 and Baseline Requirements.
The changes are:
* Absolute domain names are fully supported. All presented
hostnames are treated as absolute domain names. All domain names in
server certificates are treated as absolute domain names as well.
* Wildcard character (*) is permitted only in the left-most domain
name label and must be the only character in that label. For
example, *.example.com is permitted, while *a.example.com,
a*.example.com, a*b.example.com, a.*.example.com are not permitted.
* Wildcard character (*) must match exactly one domain name label.
For example, *.example.com matches www.example.com, but does not
match example.com or www.test.example.com.
* Wildcard pattern cannot mach single-label domain names: * and *.
patterns are rejected.
* Wildcard character (*) is not supported in presented host names.
Bug: 17482685
Bug: 17548724
Bug: 17552202
Bug: 17715547
Change-Id: I1c2b37847c9ba27d70da6c11a13c9bb3880d38c1
|
| 688508959f192d1b678e00f860faf3c52d20f96c |
|
24-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
CTS tests for the platform-default HostnameVerifier.
This repurposes tests for DefaultHostnameVerifier class to test the
platform-default HostnameVerifier (as provided by
HttpsURLConnection.getDefaultHostnameVerifier()). This is to ensure
that its contract remains stable and tested, regardless of which
implementation is used by default.
Bug: 18481199
Change-Id: Iaaf2f2274f8412eca2544d1e62c2523028914e07
|
| 77a7e48ac80c5bb9ac4d9b6bfdecf31d46b09fd1 |
|
19-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
Fix a bug in DefaultHostnameVerifier wildcard handling.
Wildcard domain name patterns of the form *.remainder are supposed to
match domain names that exactly match the remainder. Due to a bug,
the match was not exact but rather a prefix match: domain names
starting with the remainder would match too.
This CL fixes the issue.
(cherry picked from commit eecc5b7cf59b1b03ab030d01cc2c4875c8287336)
Bug: 18432707
Change-Id: I3b7715adf7a66e57fafe2a0218a73f4ff2dd4182
|
| eecc5b7cf59b1b03ab030d01cc2c4875c8287336 |
|
19-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
Fix a bug in DefaultHostnameVerifier wildcard handling.
Wildcard domain name patterns of the form *.remainder are supposed to
match domain names that exactly match the remainder. Due to a bug,
the match was not exact but rather a prefix match: domain names
starting with the remainder would match too.
This CL fixes the issue.
Bug: 18432707
Change-Id: Ic2fccbfeac4f5d6e71b49ecbd36c248214baebad
|
| fc3d4de60de1465b8826cbdf2fc4b894bb3054d7 |
|
18-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
Fix DefaultHostnameVerifierTest failure.
The failure was caused by me forgetting to update the tests when
merging in 14d4830f4048657722cbec1c4aaa8747a07c9495 which makes
DefaultHostnameVerifier reject wildcard domain name patterns
consisting of fewer than two labels (excluding root).
Bug: 17552202
Change-Id: Ibd1928621dbffb43830ff9d014eb1e3c50232172
|
| 14d4830f4048657722cbec1c4aaa8747a07c9495 |
|
17-Sep-2014 |
Alex Klyubin <klyubin@google.com> |
Reject wildcard certs for single-label domain names.
Rejecting wildcard certs for two- (e.g., *.com) or three-label (e.g.,
*.co.uk) domain name patterns requires having a frequently updated
Prefix Suffix List.
Bug: 17552202
Change-Id: Iecd1dc8e22a51f4d779821094c5f55b310171a74
|
| 9be69a95272f93d7daa19053c61fae7c3d8ff30d |
|
17-Sep-2014 |
Alex Klyubin <klyubin@google.com> |
Enable hostname verification for absolute hostnames.
This makes the DefaultHostnameVerifier (the platform default
HostnameVerifier) match relative hostname patterns from CN and DNS
SubjectAltNames fields of TLS/SSL server certificates against
absolute hostnames. Absolute hostname patterns will still never match
relative hostnames because it is not known to what absolute name a
relative name was resolved by DNS.
For example, if hostname is "www.android.com." and server certificate
is for "www.android.com", hostname verification will now pass.
Whereas, if hostname is "www.android.com" and server certificate is
for "www.android.com.", hostname verification will still fail.
All of this is needed because server certificates do not normally
contain absolute hostnames or hostname patterns. At the same time,
connections via absolute hostnames should be supported and even
preferred in most cases, to avoid DNS search suffixes being added.
Bug: 17482685
Change-Id: I3f2006fa1110004b18ce627675334d2a54805c7a
|
| 2a6f23ff8690ac2f025588a360547ce96cde0943 |
|
29-Jun-2013 |
Elliott Hughes <enh@google.com> |
Add java.nio.charsets.StandardCharsets.
Bug: 3484927
Change-Id: I5820267491b850b8fcc696fa48962710de123009
|
| 1331404bf45cb2f220ee9aa2c0c108ce59453a74 |
|
21-Dec-2012 |
Brian Carlstrom <bdc@google.com> |
Should favor last CN when working with distinguished names
Bug: 7894348
Bug: http://code.google.com/p/android/issues/detail?id=41662
Change-Id: I3814d653b628f6af12ce1ba59b39b1c7cc45e124
|
| 57d73e33dc039f6fff06db52106a358192868060 |
|
27-Dec-2011 |
Jesse Wilson <jessewilson@google.com> |
Move the frameworks/base hostname verifier into libcore. Part 1/2
This replaces our libcore's DefaultHostnameVerifier.
The frameworks/base verifier is better exercised because it's used by
the browser. The libcore one includes a few dubious behaviors: parsing
toString() and non-standard TLD validation.
Behavior changes in libcore:
- A wildcard cert like *.co.uk would be honored. This would require
a rogue CA. We had a comment documenting that other SSL clients don't
do this.
- Wildcards in substrings like "f*.android.com" are now supported.
- Wildcards match without a child domain: "*.android.com" will match
"android.com".
- If an alt name is present, the CN is not used.
- subject alt name IP addresses are supported.
This also moves the tests into libcore.
Bug: http://b/5619726
Change-Id: Ia952c33f8009ee3c5ed5935ae5f74b6093b1b8e0
|