1ce90cc78f833da6ff674fb2028f2560938313ec |
|
04-Mar-2016 |
Kenny Root <kroot@google.com> |
SSLSocketTest: make endpoint verification tests not depend on DNS Apparently 127.0.0.2 resolves to localhost in some places, so use a serialization trick to write an arbitrary hostname into an InetSocketAddress. This allows us to substitute any valid SNI hostname during testing. (cherry picked from commit 9958d3c59c0b774238bf5a2e06758c11fbb702de) Bug: 27271561 Change-Id: If2351c424bc1f1193a42fe93a983948a19ae7ec2
|
9958d3c59c0b774238bf5a2e06758c11fbb702de |
|
04-Mar-2016 |
Kenny Root <kroot@google.com> |
SSLSocketTest: make endpoint verification tests not depend on DNS Apparently 127.0.0.2 resolves to localhost in some places, so use a serialization trick to write an arbitrary hostname into an InetSocketAddress. This allows us to substitute any valid SNI hostname during testing. Bug: 27271561 Change-Id: If2351c424bc1f1193a42fe93a983948a19ae7ec2
|
01b7734160977458d44d1fb179984fd91672f08d |
|
01-Feb-2016 |
Kenny Root <kroot@google.com> |
Add tests for SSL handshake session and endpoint verification Partial revert of commit 36214feb86a0963b23f34c8c63584252bd757e19. Change-Id: I731515bd180f1ea36abf4d8c1151a75254ad0c10
|
571815deb03bd0e3ed8497160e489c16c72d67a2 |
|
21-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
Assert finite default timeout for TLS/SSL sessions. This makes CTS tests expect 8 hours as the default timeout for TLS/SSL sessions. Prior to this change, sessions were expected to not time out by default. (cherry picked from commit 4e1404f2017dc7db05b69ecad241f78c5bb1a4ee) Bug: 18369043 Bug: 18370076 Change-Id: I09ae9ee91df2fb4bb2e8cc812127dc9f05a14696
|
4e1404f2017dc7db05b69ecad241f78c5bb1a4ee |
|
21-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
Assert finite default timeout for TLS/SSL sessions. This makes CTS tests expect 8 hours as the default timeout for TLS/SSL sessions. Prior to this change, sessions were expected to not time out by default. Bug: 18370076 Change-Id: I09ae9ee91df2fb4bb2e8cc812127dc9f05a14696
|
36214feb86a0963b23f34c8c63584252bd757e19 |
|
17-Jun-2014 |
Brian Carlstrom <bdc@google.com> |
Remove Change-Id: I143d0b26b116e75892223e74b6c22b6c8db05466
|
8d290a506a4a1cd1f86716719ee10586700468f4 |
|
17-Jun-2014 |
Brian Carlstrom <bdc@google.com> |
Remove (cherry picked from commit 36214feb86a0963b23f34c8c63584252bd757e19) Change-Id: I96d5109c01e39255b9970f7a515ddd3575a50e56
|
c9461f39290f815f560f2ec50e9ccde5ff4eb8f7 |
|
09-May-2014 |
Alex Klyubin <klyubin@google.com> |
Document and assert support for TLS-PSK cipher suites. This CL updates the Javadoc of SSLSocket and SSLEngine to list the now supported TLS-PSK cipher suites. It also adds tests to assert that these cipher suites are actually supported by SSLSocket and SSLEngine. Bug: 15073623 Change-Id: I8e59264455f980f23a5e66099c27b5b4d932b9bb
|
3ad1704dc8e4653f4ceaeb5d8315ddb28318a1bb |
|
02-Apr-2014 |
Kenny Root <kroot@google.com> |
Update SSLEngineTest for RI The RI now supports TLSv1.2 with SSLEngine, so update all the expectations for their tests. It also appears to disable "weak" algorithms when you select TLSv1.2. Change-Id: I564283bb4945d3b71bee0f89c93c6dd6e238b4f8
|
70bf6bc3ad78ed9a0a7a5767381ad6c25debbd70 |
|
20-Mar-2014 |
Kenny Root <kroot@google.com> |
Add X509ExtendedTrustManager This adds the X509ExtendedTrustManager class and all its ancillary methods that allow it to be used. This allows the endpointVerificationAlgorithm setting to be enabled on SSLSocket to check that the cerificate given for the endpoint during the handshake matched the expected hostname. Since X509ExtendedTrustManager allows you to pass in an SSLSocket, there is a new call added to SSLSocket called getHandshakeSession which does not force the handshake to take place. Bug: 13103812 Change-Id: I18a18b4f457d1676c8dc9a2a7bf7c3c4646a0425
|
edeec21a9c9e97cad91dffd47d4f2f7185dffe07 |
|
19-Mar-2014 |
Alex Klyubin <klyubin@google.com> |
Support multiple KeyManagers in TestSSLContext and TestKeyStore. The two classes in some places assumed that only one KeyManager is necessary or that only the first provided KeyManager is important. Change-Id: I88629778911503ac7c233341d44612247d799d22
|
2cca77af136c57106bd9a1652e54a0ee99154d89 |
|
14-Dec-2013 |
Alex Klyubin <klyubin@google.com> |
Remove HarmonyJSSE SSLContext, SSLSocket and SSLServerSocket. Change-Id: I3c939e9275ba8f1d00342d1f83c6fdaf110f2317
|
547450702efd233213f953ba2213bb38803c34c3 |
|
09-Jun-2011 |
Jesse Wilson <jessewilson@google.com> |
Use the same host name in the SSL cert as in mockwebserver. MockWebServer had to revert to getLocalHost() since 'getLoopbackAddress() doesn't exist on Java 6 and MockWebServer wants to work on Java 6. Tested on host and device without problem. Change-Id: Ib083ec393d34b2378da579ffc7b6a71d599f9d22
|
3258b52429c7768ea91bda93c5a15257cdd390e5 |
|
18-Mar-2011 |
Brian Carlstrom <bdc@google.com> |
libcore key chain support Allow access to default IndexedPKIXParameters, similar to access to default TrustManager. Needed to allow framework to add/remove trusted CAs at runtime. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Add test support for looking up a cert by an issuer for use in key chain tests. support/src/test/java/libcore/java/security/TestKeyStore.java Add test support SSLSocketFactory that sets desired client auth on each created socket. For use with MockWebServer for key chain testing. support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java Change-Id: Iecdbd40c67f1673bda25a52b4e229156c805d564
|
f7aab022dcbfcd8f27b409ab92b4bca4a84d0b8a |
|
30-Sep-2010 |
Brian Carlstrom <bdc@google.com> |
CloseGuard: finalizers for closeable objects should log complaints Introducing CloseGuard which warns when resources are implictly cleaned up by finalizers when an explicit termination method, to use the Effective Java "Issue 7: Avoid finalizers" terminology, should have been used by the caller. libcore classes that can use CloseGuard now do so. Bug: 3041575 Change-Id: I4a4e3554addaf3075c823feb0a0ff0ad1c1f6196
|
4557728efb66c455a52b7669a8eefef7a9e54854 |
|
11-Aug-2010 |
Jesse Wilson <jessewilson@google.com> |
Moving tests to be under the libcore.* package. This is indended to make it easier to run on VMs that restrict the packages from which application classes can be loaded. For example, on the RI you need to use the bootclasspath to load these tests. Change-Id: I52193f35c5fcca18b5a3e1d280505b1e29b388af
|