Merge "Revert "OkHostnameVerifier: Don't fall back to CN verification.""

am: 75ba0edaeb

Change-Id: I17d7bf85a244863636770857ae830cef0e219cf8

2 files changed, 9 insertions, 28 deletions

diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java
index beb2b6c..d7f1c78 100644
--- a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java
+++ b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java
@@ -71,9 +71,7 @@ public final class HostnameVerifierTest {
         + "HwlNrAu8jlZ2UqSgskSWlhYdMTAP9CPHiUv9N7FcT58Itv/I4fKREINQYjDpvQcx\n"
         + "SaTYb9dr5sB4WLNglk7zxDtM80H518VvihTcP7FHL+Gn6g4j5fkI98+S\n"
         + "-----END CERTIFICATE-----\n");
-    // Android-changed: Ignore common name in hostname verification. http://b/70278814
-    // assertTrue(verifier.verify("foo.com", session));
-    assertFalse(verifier.verify("foo.com", session));
+    assertTrue(verifier.verify("foo.com", session));
     assertFalse(verifier.verify("a.foo.com", session));
     assertFalse(verifier.verify("bar.com", session));
   }
@@ -106,9 +104,7 @@ public final class HostnameVerifierTest {
         + "9BsO7qe46hidgn39hKh1WjKK2VcL/3YRsC4wUi0PBtFW6ScMCuMhgIRXSPU55Rae\n"
         + "UIlOdPjjr1SUNWGId1rD7W16Scpwnknn310FNxFMHVI0GTGFkNdkilNCFJcIoRA=\n"
         + "-----END CERTIFICATE-----\n");
-    // Android-changed: Ignore common name in hostname verification. http://b/70278814
-    // assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session));
-    assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
+    assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session));
     assertFalse(verifier.verify("a.\u82b1\u5b50.co.jp", session));
   }
 
@@ -261,9 +257,7 @@ public final class HostnameVerifierTest {
     assertFalse(verifier.verify("a.foo.com", session));
     assertFalse(verifier.verify("bar.com", session));
     assertFalse(verifier.verify("a.bar.com", session));
-    // Android-changed: Ignore common name in hostname verification. http://b/70278814
-    // assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session));
-    assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
+    assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session));
     assertFalse(verifier.verify("a.\u82b1\u5b50.co.jp", session));
   }
 
@@ -296,12 +290,8 @@ public final class HostnameVerifierTest {
         + "l3Q/RK95bnA6cuRClGusLad0e6bjkBzx/VQ3VarDEpAkTLUGVAa0CLXtnyc=\n"
         + "-----END CERTIFICATE-----\n");
     assertFalse(verifier.verify("foo.com", session));
-    // Android-changed: Ignore common name in hostname verification. http://b/70278814
-    // assertTrue(verifier.verify("www.foo.com", session));
-    assertFalse(verifier.verify("www.foo.com", session));
-    // Android-changed: Ignore common name in hostname verification. http://b/70278814
-    // assertTrue(verifier.verify("\u82b1\u5b50.foo.com", session));
-    assertFalse(verifier.verify("\u82b1\u5b50.foo.com", session));
+    assertTrue(verifier.verify("www.foo.com", session));
+    assertTrue(verifier.verify("\u82b1\u5b50.foo.com", session));
     assertFalse(verifier.verify("a.b.foo.com", session));
   }
 
@@ -334,12 +324,8 @@ public final class HostnameVerifierTest {
         + "UGPLEUDzRHMPHLnSqT1n5UU5UDRytbjJPXzF+l/+WZIsanefWLsxnkgAuZe/oMMF\n"
         + "EJMryEzOjg4Tfuc5qM0EXoPcQ/JlheaxZ40p2IyHqbsWV4MRYuFH4bkM\n"
         + "-----END CERTIFICATE-----\n");
-    // Android-changed: Ignore common name in hostname verification. http://b/70278814
-    // assertTrue(verifier.verify("foo.co.jp", session));
-    assertFalse(verifier.verify("foo.co.jp", session));
-    // Android-changed: Ignore common name in hostname verification. http://b/70278814
-    // assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session));
-    assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
+    assertTrue(verifier.verify("foo.co.jp", session));
+    assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session));
   }
 
   /**
@@ -465,9 +451,7 @@ public final class HostnameVerifierTest {
         + "U6LFxmZr31lFyis2/T68PpjAppc0DpNQuA2m/Y7oTHBDi55Fw6HVHCw3lucuWZ5d\n"
         + "qUYo4ES548JdpQtcLrW2sA==\n"
         + "-----END CERTIFICATE-----");
-    // Android-changed: Ignore common name in hostname verification. http://b/70278814
-    // assertTrue(verifier.verify("google.com", session));
-    assertFalse(verifier.verify("google.com", session));
+    assertTrue(verifier.verify("google.com", session));
   }
 
   @Test public void subjectAltName() throws Exception {
diff --git a/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java b/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java
index c947d7d..740de1b 100644
--- a/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java
+++ b/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java
@@ -29,6 +29,7 @@ import java.util.regex.Pattern;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLSession;
+import javax.security.auth.x500.X500Principal;
 
 /**
  * A HostnameVerifier consistent with <a
@@ -104,8 +105,6 @@ public final class OkHostnameVerifier implements HostnameVerifier {
       }
     }
 
-    // BEGIN Android-removed: Ignore common name in hostname verification. http://b/70278814
-    /*
     if (!hasDns) {
       X500Principal principal = certificate.getSubjectX500Principal();
       // RFC 2818 advises using the most specific name for matching.
@@ -114,8 +113,6 @@ public final class OkHostnameVerifier implements HostnameVerifier {
         return verifyHostName(hostName, cn);
       }
     }
-    */
-    // END Android-removed: Ignore common name in hostname verification. http://b/70278814
 
     return false;
   }