net/android/java/CertVerifyStatusAndroid.template · a74c633b26985c9950aecf5e684a06dcaea14eab · eriksson monteiro / tangled

Export verified_cert and public_key_hashes on Android. · 23073f97

davidben@chromium.org authored Jan 17, 2014

On API level 17 and up, X509TrustManager can export the verified chain. Use it
to populate some of the fields in CertVerifyResult. Also correctly populate
is_issued_by_known_root and enable intranet host checking.

Add a test to make sure non-standard roots get flagged as such. If the APIs
are not available, is_issued_by_known_root is always false.

BUG=116838,147945
TEST=CertVerifyProcTest.PublicKeyHashes
     CertVerifyProcTest.VerifyReturnChainBasic
     CertVerifyProcTest.VerifyReturnChainFiltersUnrelatedCerts
     CertVerifyProcTest.VerifyReturnChainProperlyOrdered
     CertVerifyProcTest.IntranetHostsRejected
     CertVerifyProcTest.IsIssuedByKnownRootIgnoresTestRoots
     CertVerifyProcTest.ExtraneousMD5RootCert
     CertVerifyProcTest.NameConstraintsFailure

Review URL: https://codereview.chromium.org/108653013

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@245649 0039d316-1c4b-4281-b951-d872f2087c98

23073f97

CertVerifyStatusAndroid.template 386 Bytes

Replace CertVerifyStatusAndroid.template