Reject non-ASCII hostnames and SANs. am: 650e71cc3a
Original change: https://googleplex-android-review.googlesource.com/c/platform/libcore/+/13163680
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I29e2d32e3af23cace582fa80610f5ef188c28fd8
diff --git a/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/HostnameVerifierTest.java b/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/HostnameVerifierTest.java
index e697838..96384ad 100644
--- a/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/HostnameVerifierTest.java
+++ b/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/HostnameVerifierTest.java
@@ -78,7 +78,7 @@
assertFalse(verifier.verify("a.foo.com", session));
assertTrue(verifier.verify("bar.com", session));
assertFalse(verifier.verify("a.bar.com", session));
- // The certificate has this name in the altnames section, but Conscrypt drops
+ // The certificate has this name in the altnames section, but OkHostnameVerifier drops
// any altnames that are improperly encoded according to RFC 5280, which requires
// non-ASCII characters to be encoded in ASCII via Punycode.
assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
@@ -129,11 +129,11 @@
assertFalse(verifier.verify("a.b.foo.com", session));
assertFalse(verifier.verify("bar.com", session));
assertTrue(verifier.verify("www.bar.com", session));
- assertTrue(verifier.verify("\u82b1\u5b50.bar.com", session));
assertFalse(verifier.verify("a.b.bar.com", session));
- // The certificate has this name in the altnames section, but Conscrypt drops
+ // The certificate has this name in the altnames section, but OkHostnameVerifier drops
// any altnames that are improperly encoded according to RFC 5280, which requires
// non-ASCII characters to be encoded in ASCII via Punycode.
+ assertFalse(verifier.verify("\u82b1\u5b50.bar.com", session));
assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
assertFalse(verifier.verify("a.\u82b1\u5b50.co.jp", session));
}