From 177cd647c9fa02329fb9800f71282b233170f986 Mon Sep 17 00:00:00 2001
From: Brian Carlstrom <bdc@google.com>
Date: Mon, 14 Mar 2011 11:39:08 -0700
Subject: Backport hostname verification correctness fix

From libcore's commit with sha 6767bdbe6bb1d4542c97868d8df1f71d2414fc62

    The only behavior change should be a bug fix. There was a check
    "cn.lastIndexOf('.') >= 0" that was always true. This has been
    fixed to match the comment "require two dots".

Change-Id: I680cad56a1f86150128e587f8c8e19be6ef27bc3
---
 src/org/apache/http/conn/ssl/AbstractVerifier.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/org/apache/http/conn/ssl/AbstractVerifier.java b/src/org/apache/http/conn/ssl/AbstractVerifier.java
index e409db9..723d806 100644
--- a/src/org/apache/http/conn/ssl/AbstractVerifier.java
+++ b/src/org/apache/http/conn/ssl/AbstractVerifier.java
@@ -163,7 +163,7 @@ public abstract class AbstractVerifier implements X509HostnameVerifier {
             // action.  It also can't be [*.co.uk] or [*.co.jp] or
             // [*.org.uk], etc...
             boolean doWildcard = cn.startsWith("*.") &&
-                                 cn.lastIndexOf('.') >= 0 &&
+                                 cn.indexOf('.', 2) != -1 &&
                                  acceptableCountryWildcard(cn) &&
                                  !InetAddressUtils.isIPv4Address(host);
 
-- 
cgit v1.1