Merge "Revert "OkHostnameVerifier: Don't fall back to CN verification."" am: 75ba0edaeb am: 58cb4ca73f
am: 508eb4f719
Change-Id: Iee6d80a340a60dfec5ddee0d964abf29ff1351f8
diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java
index beb2b6c..d7f1c78 100644
--- a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java
+++ b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/tls/HostnameVerifierTest.java
@@ -71,9 +71,7 @@
+ "HwlNrAu8jlZ2UqSgskSWlhYdMTAP9CPHiUv9N7FcT58Itv/I4fKREINQYjDpvQcx\n"
+ "SaTYb9dr5sB4WLNglk7zxDtM80H518VvihTcP7FHL+Gn6g4j5fkI98+S\n"
+ "-----END CERTIFICATE-----\n");
- // Android-changed: Ignore common name in hostname verification. http://b/70278814
- // assertTrue(verifier.verify("foo.com", session));
- assertFalse(verifier.verify("foo.com", session));
+ assertTrue(verifier.verify("foo.com", session));
assertFalse(verifier.verify("a.foo.com", session));
assertFalse(verifier.verify("bar.com", session));
}
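Review bot: The restored `assertTrue(verifier.verify("foo.com", session));` carries no comment saying which verification path it exercises. Judging by the removed Android-changed comment, the match presumably comes from the common-name fallback rather than a subjectAltName entry. Once that is confirmed against the certificate, a one-line comment such as `// Matches via CN fallback: certificate has no DNS subjectAltName.` would keep the security-relevant behaviour visible to the next reader. The same applies to the flipped assertions in the hunks at -106, -261, -296, -334 and -465; the test method itself begins outside this hunk.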
@@ -106,9 +104,7 @@
+ "9BsO7qe46hidgn39hKh1WjKK2VcL/3YRsC4wUi0PBtFW6ScMCuMhgIRXSPU55Rae\n"
+ "UIlOdPjjr1SUNWGId1rD7W16Scpwnknn310FNxFMHVI0GTGFkNdkilNCFJcIoRA=\n"
+ "-----END CERTIFICATE-----\n");
- // Android-changed: Ignore common name in hostname verification. http://b/70278814
- // assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session));
- assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
+ assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session));
assertFalse(verifier.verify("a.\u82b1\u5b50.co.jp", session));
}
@@ -261,9 +257,7 @@
assertFalse(verifier.verify("a.foo.com", session));
assertFalse(verifier.verify("bar.com", session));
assertFalse(verifier.verify("a.bar.com", session));
- // Android-changed: Ignore common name in hostname verification. http://b/70278814
- // assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session));
- assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
+ assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session));
assertFalse(verifier.verify("a.\u82b1\u5b50.co.jp", session));
}
@@ -296,12 +290,8 @@
+ "l3Q/RK95bnA6cuRClGusLad0e6bjkBzx/VQ3VarDEpAkTLUGVAa0CLXtnyc=\n"
+ "-----END CERTIFICATE-----\n");
assertFalse(verifier.verify("foo.com", session));
- // Android-changed: Ignore common name in hostname verification. http://b/70278814
- // assertTrue(verifier.verify("www.foo.com", session));
- assertFalse(verifier.verify("www.foo.com", session));
- // Android-changed: Ignore common name in hostname verification. http://b/70278814
- // assertTrue(verifier.verify("\u82b1\u5b50.foo.com", session));
- assertFalse(verifier.verify("\u82b1\u5b50.foo.com", session));
+ assertTrue(verifier.verify("www.foo.com", session));
+ assertTrue(verifier.verify("\u82b1\u5b50.foo.com", session));
assertFalse(verifier.verify("a.b.foo.com", session));
}
@@ -334,12 +324,8 @@
+ "UGPLEUDzRHMPHLnSqT1n5UU5UDRytbjJPXzF+l/+WZIsanefWLsxnkgAuZe/oMMF\n"
+ "EJMryEzOjg4Tfuc5qM0EXoPcQ/JlheaxZ40p2IyHqbsWV4MRYuFH4bkM\n"
+ "-----END CERTIFICATE-----\n");
- // Android-changed: Ignore common name in hostname verification. http://b/70278814
- // assertTrue(verifier.verify("foo.co.jp", session));
- assertFalse(verifier.verify("foo.co.jp", session));
- // Android-changed: Ignore common name in hostname verification. http://b/70278814
- // assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session));
- assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
+ assertTrue(verifier.verify("foo.co.jp", session));
+ assertTrue(verifier.verify("\u82b1\u5b50.co.jp", session));
}
/**
@@ -465,9 +451,7 @@
+ "U6LFxmZr31lFyis2/T68PpjAppc0DpNQuA2m/Y7oTHBDi55Fw6HVHCw3lucuWZ5d\n"
+ "qUYo4ES548JdpQtcLrW2sA==\n"
+ "-----END CERTIFICATE-----");
- // Android-changed: Ignore common name in hostname verification. http://b/70278814
- // assertTrue(verifier.verify("google.com", session));
- assertFalse(verifier.verify("google.com", session));
+ assertTrue(verifier.verify("google.com", session));
}
@Test public void subjectAltName() throws Exception {
diff --git a/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java b/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java
index c947d7d..740de1b 100644
--- a/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java
+++ b/okhttp/src/main/java/com/squareup/okhttp/internal/tls/OkHostnameVerifier.java
@@ -29,6 +29,7 @@
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
+import javax.security.auth.x500.X500Principal;
/**
* A HostnameVerifier consistent with <a
@@ -104,8 +105,6 @@
}
}
- // BEGIN Android-removed: Ignore common name in hostname verification. http://b/70278814
- /*
if (!hasDns) {
X500Principal principal = certificate.getSubjectX500Principal();
// RFC 2818 advises using the most specific name for matching.
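Review bot: The re-enabled `if (!hasDns)` block restores matching against the subject common name whenever no DNS subjectAltName was seen, and neither the hunk nor the commit message records why the stricter behaviour from http://b/70278814 is being reverted. CN matching is deprecated by RFC 6125, and dNSName name constraints on an issuing CA are generally not enforced against the CN, so the block should say why it exists, for example `// NOTE: CN fallback is deprecated (RFC 6125); used only when the certificate has no DNS subjectAltName. See http://b/70278814.` The condition also appears to allow the fallback when the certificate has only non-DNS subjectAltName entries such as an IP address, which is worth confirming against the loop above this hunk. The block's closing braces and the removed `*/` marker are in the next hunk, and the enclosing method starts outside both.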
@@ -114,8 +113,6 @@
return verifyHostName(hostName, cn);
}
}
- */
- // END Android-removed: Ignore common name in hostname verification. http://b/70278814
return false;
}