diff options
author | Tobias Thierer <tobiast@google.com> | 2018-01-10 23:09:21 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2018-01-10 23:09:21 +0000 |
commit | 75ba0edaeb43716afe908c9f579d4cbdddcc85aa (patch) | |
tree | 08d510ae0e06daa63025c3f6526438a147943d07 | |
parent | 34c53aba217e0e8dce98034526e76f367bbf7dd3 (diff) | |
parent | cd3f2cecf3112d8c3da9ea20ddd620008d2fb6e6 (diff) | |
download | okhttp-75ba0edaeb43716afe908c9f579d4cbdddcc85aa.tar.gz |
Merge "Revert "OkHostnameVerifier: Don't fall back to CN verification.""
-rw-r--r-- | okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java | 32 | ||||
-rw-r--r-- | okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java | 5 |
2 files changed, 9 insertions, 28 deletions
diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java index beb2b6c..d7f1c78 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java @@ -71,9 +71,7 @@ public final class HostnameVerifierTest { + "HwlNrAu8jlZ2UqSgskSWlhYdMTAP9CPHiUv9N7FcT58Itv/I4fKREINQYjDpvQcx\n" + "SaTYb9dr5sB4WLNglk7zxDtM80H518VvihTcP7FHL+Gn6g4j5fkI98+S\n" + "-----END CERTIFICATE-----\n"); - // Android-changed: Ignore common name in hostname verification. http://b/70278814 - // assertTrue(verifier.verify("foo.com", session)); - assertFalse(verifier.verify("foo.com", session)); + assertTrue(verifier.verify("foo.com", session)); assertFalse(verifier.verify("a.foo.com", session)); assertFalse(verifier.verify("bar.com", session)); } @@ -106,9 +104,7 @@ public final class HostnameVerifierTest { + "9BsO7qe46hidgn39hKh1WjKK2VcL/3YRsC4wUi0PBtFW6ScMCuMhgIRXSPU55Rae\n" + "UIlOdPjjr1SUNWGId1rD7W16Scpwnknn310FNxFMHVI0GTGFkNdkilNCFJcIoRA=\n" + "-----END CERTIFICATE-----\n"); - // Android-changed: Ignore common name in hostname verification. http://b/70278814 - // assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session)); - assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session)); + assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session)); assertFalse(verifier.verify("a.\u82b1\u5b50.co.jp", session)); } @@ -261,9 +257,7 @@ public final class HostnameVerifierTest { assertFalse(verifier.verify("a.foo.com", session)); assertFalse(verifier.verify("bar.com", session)); assertFalse(verifier.verify("a.bar.com", session)); - // Android-changed: Ignore common name in hostname verification. http://b/70278814 - // assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session)); - assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session)); + assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session)); assertFalse(verifier.verify("a.\u82b1\u5b50.co.jp", session)); } @@ -296,12 +290,8 @@ public final class HostnameVerifierTest { + "l3Q/RK95bnA6cuRClGusLad0e6bjkBzx/VQ3VarDEpAkTLUGVAa0CLXtnyc=\n" + "-----END CERTIFICATE-----\n"); assertFalse(verifier.verify("foo.com", session)); - // Android-changed: Ignore common name in hostname verification. http://b/70278814 - // assertTrue(verifier.verify("www.foo.com", session)); - assertFalse(verifier.verify("www.foo.com", session)); - // Android-changed: Ignore common name in hostname verification. http://b/70278814 - // assertTrue(verifier.verify("\u82b1\u5b50.foo.com", session)); - assertFalse(verifier.verify("\u82b1\u5b50.foo.com", session)); + assertTrue(verifier.verify("www.foo.com", session)); + assertTrue(verifier.verify("\u82b1\u5b50.foo.com", session)); assertFalse(verifier.verify("a.b.foo.com", session)); } @@ -334,12 +324,8 @@ public final class HostnameVerifierTest { + "UGPLEUDzRHMPHLnSqT1n5UU5UDRytbjJPXzF+l/+WZIsanefWLsxnkgAuZe/oMMF\n" + "EJMryEzOjg4Tfuc5qM0EXoPcQ/JlheaxZ40p2IyHqbsWV4MRYuFH4bkM\n" + "-----END CERTIFICATE-----\n"); - // Android-changed: Ignore common name in hostname verification. http://b/70278814 - // assertTrue(verifier.verify("foo.co.jp", session)); - assertFalse(verifier.verify("foo.co.jp", session)); - // Android-changed: Ignore common name in hostname verification. http://b/70278814 - // assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session)); - assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session)); + assertTrue(verifier.verify("foo.co.jp", session)); + assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session)); } /** @@ -465,9 +451,7 @@ public final class HostnameVerifierTest { + "U6LFxmZr31lFyis2/T68PpjAppc0DpNQuA2m/Y7oTHBDi55Fw6HVHCw3lucuWZ5d\n" + "qUYo4ES548JdpQtcLrW2sA==\n" + "-----END CERTIFICATE-----"); - // Android-changed: Ignore common name in hostname verification. http://b/70278814 - // assertTrue(verifier.verify("google.com", session)); - assertFalse(verifier.verify("google.com", session)); + assertTrue(verifier.verify("google.com", session)); } @Test public void subjectAltName() throws Exception { diff --git a/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java b/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java index c947d7d..740de1b 100644 --- a/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java +++ b/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java @@ -29,6 +29,7 @@ import java.util.regex.Pattern; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLException; import javax.net.ssl.SSLSession; +import javax.security.auth.x500.X500Principal; /** * A HostnameVerifier consistent with <a @@ -104,8 +105,6 @@ public final class OkHostnameVerifier implements HostnameVerifier { } } - // BEGIN Android-removed: Ignore common name in hostname verification. http://b/70278814 - /* if (!hasDns) { X500Principal principal = certificate.getSubjectX500Principal(); // RFC 2818 advises using the most specific name for matching. @@ -114,8 +113,6 @@ public final class OkHostnameVerifier implements HostnameVerifier { return verifyHostName(hostName, cn); } } - */ - // END Android-removed: Ignore common name in hostname verification. http://b/70278814 return false; } |