Remove support for DNS-over-TLS certificate fingerprints.
Inject a test certificate authority for the DNS-over-TLS test; it
provides proper test coverage of TLS certificate validation.
Test: built, flashed, booted
atest pass
Change-Id: I32b8c743d991ba1f113b37165ff01f4b2acc9da2
diff --git a/ResolverController.cpp b/ResolverController.cpp
index 8296826..0128a12 100644
--- a/ResolverController.cpp
+++ b/ResolverController.cpp
@@ -195,9 +195,7 @@
return resolv_create_cache_for_net(netId);
}
-int ResolverController::setResolverConfiguration(
- const ResolverParamsParcel& resolverParams,
- const std::set<std::vector<uint8_t>>& tlsFingerprints) {
+int ResolverController::setResolverConfiguration(const ResolverParamsParcel& resolverParams) {
using aidl::android::net::IDnsResolver;
// At private DNS validation time, we only know the netId, so we have to guess/compute the
@@ -213,8 +211,10 @@
if (tlsServers.size() > MAXNS) {
tlsServers.resize(MAXNS);
}
- const int err = gPrivateDnsConfiguration.set(resolverParams.netId, fwmark.intValue, tlsServers,
- resolverParams.tlsName, tlsFingerprints);
+ const int err =
+ gPrivateDnsConfiguration.set(resolverParams.netId, fwmark.intValue, tlsServers,
+ resolverParams.tlsName, resolverParams.caCertificate);
+
if (err != 0) {
return err;
}
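Review bot: `resolverParams.caCertificate` is forwarded to `gPrivateDnsConfiguration.set()` unconditionally, so whatever the parcel carries becomes input to DNS-over-TLS certificate validation. The commit message describes it as a test CA, but nothing visible in this hunk limits it to test or debuggable builds; if the consumer does not enforce that, any caller able to set resolver configuration could supply its own trust anchor. I would add a comment at the call such as `// caCertificate: test-only trust anchor; must be ignored on production builds` and confirm the gate exists where the certificate is loaded. With the fingerprint argument removed, validation rests on `tlsName` and the CA chain alone, which makes that gate more important. The body of `setResolverConfiguration` starts and ends outside this hunk.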