Remove support for DNS-over-TLS certificate fingerprints.
Inject a test Certificate authority for DNS-OVER-TLS test, and It
provides proper test coverage to TLS cerificate validation.
Test: built, flashed, booted
atest pass
Change-Id: I32b8c743d991ba1f113b37165ff01f4b2acc9da2
diff --git a/PrivateDnsConfiguration.cpp b/PrivateDnsConfiguration.cpp
index 8b5df4b..e974d50 100644
--- a/PrivateDnsConfiguration.cpp
+++ b/PrivateDnsConfiguration.cpp
@@ -54,11 +54,9 @@
int PrivateDnsConfiguration::set(int32_t netId, uint32_t mark,
const std::vector<std::string>& servers, const std::string& name,
- const std::set<std::vector<uint8_t>>& fingerprints) {
+ const std::string& caCert) {
LOG(VERBOSE) << "PrivateDnsConfiguration::set(" << netId << ", " << mark << ", "
- << servers.size() << ", " << name << ", " << fingerprints.size() << ")";
-
- const bool explicitlyConfigured = !name.empty() || !fingerprints.empty();
+ << servers.size() << ", " << name << ")";
// Parse the list of servers that has been passed in
std::set<DnsTlsServer> tlsServers;
@@ -69,12 +67,12 @@
}
DnsTlsServer server(parsed);
server.name = name;
- server.fingerprints = fingerprints;
+ server.certificate = caCert;
tlsServers.insert(server);
}
std::lock_guard guard(mPrivateDnsLock);
- if (explicitlyConfigured) {
+ if (!name.empty()) {
mPrivateDnsModes[netId] = PrivateDnsMode::STRICT;
} else if (!tlsServers.empty()) {
mPrivateDnsModes[netId] = PrivateDnsMode::OPPORTUNISTIC;