| 1ce90cc78f833da6ff674fb2028f2560938313ec |
|
04-Mar-2016 |
Kenny Root <kroot@google.com> |
SSLSocketTest: make endpoint verification tests not depend on DNS
Apparently 127.0.0.2 resolves to localhost in some places, so use a
serialization trick to write an arbitrary hostname into an
InetSocketAddress. This allows us to substitute any valid SNI hostname
during testing.
(cherry picked from commit 9958d3c59c0b774238bf5a2e06758c11fbb702de)
Bug: 27271561
Change-Id: If2351c424bc1f1193a42fe93a983948a19ae7ec2
|
| 9958d3c59c0b774238bf5a2e06758c11fbb702de |
|
04-Mar-2016 |
Kenny Root <kroot@google.com> |
SSLSocketTest: make endpoint verification tests not depend on DNS
Apparently 127.0.0.2 resolves to localhost in some places, so use a
serialization trick to write an arbitrary hostname into an
InetSocketAddress. This allows us to substitute any valid SNI hostname
during testing.
Bug: 27271561
Change-Id: If2351c424bc1f1193a42fe93a983948a19ae7ec2
|
| 01b7734160977458d44d1fb179984fd91672f08d |
|
01-Feb-2016 |
Kenny Root <kroot@google.com> |
Add tests for SSL handshake session and endpoint verification
Partial revert of commit 36214feb86a0963b23f34c8c63584252bd757e19.
Change-Id: I731515bd180f1ea36abf4d8c1151a75254ad0c10
|
| 571815deb03bd0e3ed8497160e489c16c72d67a2 |
|
21-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
Assert finite default timeout for TLS/SSL sessions.
This makes CTS tests expect 8 hours as the default timeout for TLS/SSL
sessions. Prior to this change, sessions were expected to not time out
by default.
(cherry picked from commit 4e1404f2017dc7db05b69ecad241f78c5bb1a4ee)
Bug: 18369043
Bug: 18370076
Change-Id: I09ae9ee91df2fb4bb2e8cc812127dc9f05a14696
|
| 4e1404f2017dc7db05b69ecad241f78c5bb1a4ee |
|
21-Nov-2014 |
Alex Klyubin <klyubin@google.com> |
Assert finite default timeout for TLS/SSL sessions.
This makes CTS tests expect 8 hours as the default timeout for TLS/SSL
sessions. Prior to this change, sessions were expected to not time out
by default.
Bug: 18370076
Change-Id: I09ae9ee91df2fb4bb2e8cc812127dc9f05a14696
|
| 36214feb86a0963b23f34c8c63584252bd757e19 |
|
17-Jun-2014 |
Brian Carlstrom <bdc@google.com> |
Remove
Change-Id: I143d0b26b116e75892223e74b6c22b6c8db05466
|
| 8d290a506a4a1cd1f86716719ee10586700468f4 |
|
17-Jun-2014 |
Brian Carlstrom <bdc@google.com> |
Remove
(cherry picked from commit 36214feb86a0963b23f34c8c63584252bd757e19)
Change-Id: I96d5109c01e39255b9970f7a515ddd3575a50e56
|
| c9461f39290f815f560f2ec50e9ccde5ff4eb8f7 |
|
09-May-2014 |
Alex Klyubin <klyubin@google.com> |
Document and assert support for TLS-PSK cipher suites.
This CL updates the Javadoc of SSLSocket and SSLEngine to list the
now supported TLS-PSK cipher suites. It also adds tests to assert
that these cipher suites are actually supported by SSLSocket and
SSLEngine.
Bug: 15073623
Change-Id: I8e59264455f980f23a5e66099c27b5b4d932b9bb
|
| 3ad1704dc8e4653f4ceaeb5d8315ddb28318a1bb |
|
02-Apr-2014 |
Kenny Root <kroot@google.com> |
Update SSLEngineTest for RI
The RI now supports TLSv1.2 with SSLEngine, so update all the
expectations for their tests. It also appears to disable "weak"
algorithms when you select TLSv1.2.
Change-Id: I564283bb4945d3b71bee0f89c93c6dd6e238b4f8
|
| 70bf6bc3ad78ed9a0a7a5767381ad6c25debbd70 |
|
20-Mar-2014 |
Kenny Root <kroot@google.com> |
Add X509ExtendedTrustManager
This adds the X509ExtendedTrustManager class and all its ancillary
methods that allow it to be used. This allows the
endpointVerificationAlgorithm setting to be enabled on SSLSocket to
check that the cerificate given for the endpoint during the handshake
matched the expected hostname.
Since X509ExtendedTrustManager allows you to pass in an SSLSocket, there
is a new call added to SSLSocket called getHandshakeSession which does
not force the handshake to take place.
Bug: 13103812
Change-Id: I18a18b4f457d1676c8dc9a2a7bf7c3c4646a0425
|
| edeec21a9c9e97cad91dffd47d4f2f7185dffe07 |
|
19-Mar-2014 |
Alex Klyubin <klyubin@google.com> |
Support multiple KeyManagers in TestSSLContext and TestKeyStore.
The two classes in some places assumed that only one KeyManager is
necessary or that only the first provided KeyManager is important.
Change-Id: I88629778911503ac7c233341d44612247d799d22
|
| 2cca77af136c57106bd9a1652e54a0ee99154d89 |
|
14-Dec-2013 |
Alex Klyubin <klyubin@google.com> |
Remove HarmonyJSSE SSLContext, SSLSocket and SSLServerSocket.
Change-Id: I3c939e9275ba8f1d00342d1f83c6fdaf110f2317
|
| 547450702efd233213f953ba2213bb38803c34c3 |
|
09-Jun-2011 |
Jesse Wilson <jessewilson@google.com> |
Use the same host name in the SSL cert as in mockwebserver.
MockWebServer had to revert to getLocalHost() since 'getLoopbackAddress()
doesn't exist on Java 6 and MockWebServer wants to work on Java 6.
Tested on host and device without problem.
Change-Id: Ib083ec393d34b2378da579ffc7b6a71d599f9d22
|
| 3258b52429c7768ea91bda93c5a15257cdd390e5 |
|
18-Mar-2011 |
Brian Carlstrom <bdc@google.com> |
libcore key chain support
Allow access to default IndexedPKIXParameters, similar to access to
default TrustManager. Needed to allow framework to add/remove trusted
CAs at runtime.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Add test support for looking up a cert by an issuer for use in key chain tests.
support/src/test/java/libcore/java/security/TestKeyStore.java
Add test support SSLSocketFactory that sets desired client auth on
each created socket. For use with MockWebServer for key chain testing.
support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
Change-Id: Iecdbd40c67f1673bda25a52b4e229156c805d564
|
| f7aab022dcbfcd8f27b409ab92b4bca4a84d0b8a |
|
30-Sep-2010 |
Brian Carlstrom <bdc@google.com> |
CloseGuard: finalizers for closeable objects should log complaints
Introducing CloseGuard which warns when resources are implictly
cleaned up by finalizers when an explicit termination method, to use
the Effective Java "Issue 7: Avoid finalizers" terminology, should
have been used by the caller.
libcore classes that can use CloseGuard now do so.
Bug: 3041575
Change-Id: I4a4e3554addaf3075c823feb0a0ff0ad1c1f6196
|
| 4557728efb66c455a52b7669a8eefef7a9e54854 |
|
11-Aug-2010 |
Jesse Wilson <jessewilson@google.com> |
Moving tests to be under the libcore.* package.
This is indended to make it easier to run on VMs that restrict the packages
from which application classes can be loaded. For example, on the RI you need
to use the bootclasspath to load these tests.
Change-Id: I52193f35c5fcca18b5a3e1d280505b1e29b388af
|