Merge the 2021-02-05 SPL branch from AOSP-Partner
* security-aosp-pi-release:
[DO NOT MERGE] Reject non-ASCII hostnames and SANs.
Change-Id: Ibdfebe7ec4e4412050ecf54f9c4cdf8190e62fe2
diff --git a/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/HostnameVerifierTest.java b/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/HostnameVerifierTest.java
index e697838..96384ad 100644
--- a/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/HostnameVerifierTest.java
+++ b/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/HostnameVerifierTest.java
@@ -78,7 +78,7 @@
assertFalse(verifier.verify("a.foo.com", session));
assertTrue(verifier.verify("bar.com", session));
assertFalse(verifier.verify("a.bar.com", session));
- // The certificate has this name in the altnames section, but Conscrypt drops
+ // The certificate has this name in the altnames section, but OkHostnameVerifier drops
// any altnames that are improperly encoded according to RFC 5280, which requires
// non-ASCII characters to be encoded in ASCII via Punycode.
assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
@@ -129,11 +129,11 @@
assertFalse(verifier.verify("a.b.foo.com", session));
assertFalse(verifier.verify("bar.com", session));
assertTrue(verifier.verify("www.bar.com", session));
- assertTrue(verifier.verify("\u82b1\u5b50.bar.com", session));
assertFalse(verifier.verify("a.b.bar.com", session));
- // The certificate has this name in the altnames section, but Conscrypt drops
+ // The certificate has this name in the altnames section, but OkHostnameVerifier drops
// any altnames that are improperly encoded according to RFC 5280, which requires
// non-ASCII characters to be encoded in ASCII via Punycode.
+ assertFalse(verifier.verify("\u82b1\u5b50.bar.com", session));
assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
assertFalse(verifier.verify("a.\u82b1\u5b50.co.jp", session));
}