Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libbrillo / be6a3bbf3c42fa6ead0450c503067ce06f11a572
commitbe6a3bbf3c42fa6ead0450c503067ce06f11a572[log] [tgz]
authorAlex Vakulenko <avakulenko@chromium.org>Tue May 26 18:16:56 2015 -0700
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>Wed May 27 21:30:33 2015 +0000
treec72ed8175a486bd3eadf41ddde1471c5b5506f93
parentd66669e81c154a8be514829b9c99d1c1ffbf04a3 [diff]
libchromeos: Enable remote host validation during TLS handshake

In order to provide higher security, ensure that the server certificate
that comes from the remote host we are connecting to via TLS matches the
host name we expect. If not, TLS connection will be terminated immediately.

BUG=brillo:1050
TEST=`FEATURES=test emerge-link libchromeos`
     Verified on the device using secure XMPP connection to talk.google.com
     Also tried spoofing the expected domain name and verified that the
     TLS handshake was aborted.

Change-Id: I3dde9c1ecb74327acddcccb62afabe858700ddb4
Reviewed-on: https://chromium-review.googlesource.com/273349
Trybot-Ready: Alex Vakulenko <avakulenko@chromium.org>
Tested-by: Alex Vakulenko <avakulenko@chromium.org>
Reviewed-by: Vitaly Buka <vitalybuka@chromium.org>
Commit-Queue: Alex Vakulenko <avakulenko@chromium.org>
1 file changed
tree: c72ed8175a486bd3eadf41ddde1471c5b5506f93
  1. chromeos/
  2. gen_coverage_html.sh
  3. libchromeos-323904.gypi
  4. libchromeos-test.pc.in
  5. libchromeos.gyp
  6. libchromeos.gypi
  7. libchromeos.pc.in
  8. libpolicy.gypi
  9. libpolicy.ver
  10. OWNERS
  11. platform2_preinstall.sh
  12. testrunner.cc