DomainNameValiator: Remove workaround
Remove the workaround introduced in CL 68137-p9.
Validation should fail when a certification can't be parsed.
Bug: 2369689
diff --git a/common/java/com/android/common/DomainNameValidator.java b/common/java/com/android/common/DomainNameValidator.java
index 7d58ddf..25dc007 100644
--- a/common/java/com/android/common/DomainNameValidator.java
+++ b/common/java/com/android/common/DomainNameValidator.java
@@ -166,22 +166,13 @@
}
}
} catch (CertificateParsingException e) {
- // TODO figure out if this comment is still true
- // i.e. In what condition do we this exception with a valid certificate?
-
- // one way we can get here is if an alternative name starts with
- // '*' character, which is contrary to one interpretation of the
- // spec (a valid DNS name must start with a letter); there is no
- // good way around this, and in order to be compatible we proceed
- // to check the common name (ie, ignore alternative names)
- if (LOG_ENABLED) {
- String errorMessage = e.getMessage();
- if (errorMessage == null) {
- errorMessage = "failed to parse certificate";
- }
-
- Log.v(TAG, "DomainNameValidator.matchDns(): " + errorMessage);
+ String errorMessage = e.getMessage();
+ if (errorMessage == null) {
+ errorMessage = "failed to parse certificate";
}
+
+ Log.w(TAG, "DomainNameValidator.matchDns(): " + errorMessage);
+ return false;
}
if (!hasDns) {