authorKenny Root <kroot@android.com>2014-09-30 09:01:18 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2014-09-30 09:01:19 +0000
commit3a025d3db9334bab5e1e80da7c69a5f69cdd2f84 (patch)
treea05b05264148749f5f1cafef11178757408cdd34
parent76d38635d9eb6b03251913a993f038da1a3759bc (diff)
parent9be69a95272f93d7daa19053c61fae7c3d8ff30d (diff)
Merge "Enable hostname verification for absolute hostnames."
-rw-r--r--luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java8
-rw-r--r--luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java27
2 files changed, 35 insertions, 0 deletions
diff --git a/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java b/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
index 453dee6..013bf17 100644
--- a/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
+++ b/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
@@ -131,6 +131,14 @@ public final class DefaultHostnameVerifier implements HostnameVerifier {
return false;
}
+ if (hostName.endsWith(".") && !cn.endsWith(".")) {
+ // "www.android.com." matches "www.android.com"
+ // This is needed because server certificates do not normally contain absolute names
+ // or patterns. Connections via absolute hostnames should be supported and even
+ // preferred over those via relative hostnames, to avoid DNS suffixes being appended.
+ cn += '.';
+ }
+
cn = cn.toLowerCase(Locale.US);
if (!cn.contains("*")) {
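Review bot: Appending '.' to `cn` ahead of the wildcard handling below means the certificate pattern is evaluated in a form the certificate never contained, and the absolute name ends up accepting patterns that the relative name rejects. The tests added in this same commit pin that difference: `verifyHostName("weird.", "weird*")` and `verifyHostName("weird.", "*weird")` are asserted true, while the same patterns are asserted false for `"weird"`. The wildcard logic is outside this hunk, so the cause is inferred, but the appended dot presumably satisfies a check that a wildcard pattern must contain a dot. I would skip the normalisation for dot-less wildcard patterns, e.g. `if (hostName.endsWith(".") && !cn.endsWith(".") && !(cn.contains("*") && cn.indexOf('.') < 0)) {`, and change those two assertions in DefaultHostnameVerifierTest to `assertFalse`.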
diff --git a/luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java b/luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java
index 100340a..71ccea4 100644
--- a/luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java
+++ b/luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java
@@ -153,6 +153,33 @@ public final class DefaultHostnameVerifierTest extends TestCase {
assertFalse(verifier.verifyHostName("imap.google.com", "a*.google.com"));
assertFalse(verifier.verifyHostName("imap.google.com", "ix*.google.com"));
assertTrue(verifier.verifyHostName("imap.google.com", "iMap.Google.Com"));
+ assertTrue(verifier.verifyHostName("weird", "weird"));
+ assertFalse(verifier.verifyHostName("weird", "weird*"));
+ assertFalse(verifier.verifyHostName("weird", "*weird"));
+ assertFalse(verifier.verifyHostName("weird", "weird."));
+ assertFalse(verifier.verifyHostName("weird", "weird*."));
+ assertFalse(verifier.verifyHostName("weird", "weird.*"));
+ }
+
+ public void testVerifyAbsoluteHostName() {
+ assertTrue(verifier.verifyHostName("a.b.c.d.", "a.b.c.d"));
+ assertTrue(verifier.verifyHostName("a.b.c.d.", "*.b.c.d"));
+ assertFalse(verifier.verifyHostName("a.b.c.d.", "*.*.c.d"));
+ assertTrue(verifier.verifyHostName("imap.google.com.", "imap.google.com"));
+ assertFalse(verifier.verifyHostName("imap2.google.com.", "imap.google.com"));
+ assertTrue(verifier.verifyHostName("imap.google.com.", "*.google.com"));
+ assertTrue(verifier.verifyHostName("imap2.google.com.", "*.google.com"));
+ assertFalse(verifier.verifyHostName("imap.google.com.", "*.googl.com"));
+ assertFalse(verifier.verifyHostName("imap2.google2.com.", "*.google3.com"));
+ assertFalse(verifier.verifyHostName("imap.google.com.", "a*.google.com"));
+ assertFalse(verifier.verifyHostName("imap.google.com.", "ix*.google.com"));
+ assertTrue(verifier.verifyHostName("imap.google.com.", "iMap.Google.Com"));
+ assertTrue(verifier.verifyHostName("weird.", "weird"));
+ assertTrue(verifier.verifyHostName("weird.", "weird*"));
+ assertTrue(verifier.verifyHostName("weird.", "*weird"));
+ assertTrue(verifier.verifyHostName("weird.", "weird."));
+ assertTrue(verifier.verifyHostName("weird.", "weird*."));
+ assertFalse(verifier.verifyHostName("weird.", "weird.*"));
}
public void testSubjectOnlyCert() throws Exception {
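Review bot: `testVerifyAbsoluteHostName` covers exactly one trailing dot and no malformed absolute forms, so nothing pins the result when the hostname ends in two dots or is just `.`. Since the verifier appends only a single '.' to the pattern, a case such as `assertFalse(verifier.verifyHostName("imap.google.com..", "imap.google.com"));` should presumably already pass, and it would guard against a later change that strips or appends dots in a loop. The first six added assertions land in the preceding test method, whose start is outside the hunk.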