diff options
| -rw-r--r-- | luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java | 8 | ||||
| -rw-r--r-- | luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java | 27 |
2 files changed, 35 insertions, 0 deletions
diff --git a/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java b/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java index 453dee6..013bf17 100644 --- a/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java +++ b/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java @@ -131,6 +131,14 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { return false; } + if (hostName.endsWith(".") && !cn.endsWith(".")) { + // "www.android.com." matches "www.android.com" + // This is needed because server certificates do not normally contain absolute names + // or patterns. Connections via absolute hostnames should be supported and even + // preferred over those via relative hostnames, to avoid DNS suffixes being appended. + cn += '.'; + } + cn = cn.toLowerCase(Locale.US); if (!cn.contains("*")) { diff --git a/luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java b/luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java index 100340a..71ccea4 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java @@ -153,6 +153,33 @@ public final class DefaultHostnameVerifierTest extends TestCase { assertFalse(verifier.verifyHostName("imap.google.com", "a*.google.com")); assertFalse(verifier.verifyHostName("imap.google.com", "ix*.google.com")); assertTrue(verifier.verifyHostName("imap.google.com", "iMap.Google.Com")); + assertTrue(verifier.verifyHostName("weird", "weird")); + assertFalse(verifier.verifyHostName("weird", "weird*")); + assertFalse(verifier.verifyHostName("weird", "*weird")); + assertFalse(verifier.verifyHostName("weird", "weird.")); + assertFalse(verifier.verifyHostName("weird", "weird*.")); + assertFalse(verifier.verifyHostName("weird", "weird.*")); + } + + public void testVerifyAbsoluteHostName() { + assertTrue(verifier.verifyHostName("a.b.c.d.", "a.b.c.d")); + assertTrue(verifier.verifyHostName("a.b.c.d.", "*.b.c.d")); + assertFalse(verifier.verifyHostName("a.b.c.d.", "*.*.c.d")); + assertTrue(verifier.verifyHostName("imap.google.com.", "imap.google.com")); + assertFalse(verifier.verifyHostName("imap2.google.com.", "imap.google.com")); + assertTrue(verifier.verifyHostName("imap.google.com.", "*.google.com")); + assertTrue(verifier.verifyHostName("imap2.google.com.", "*.google.com")); + assertFalse(verifier.verifyHostName("imap.google.com.", "*.googl.com")); + assertFalse(verifier.verifyHostName("imap2.google2.com.", "*.google3.com")); + assertFalse(verifier.verifyHostName("imap.google.com.", "a*.google.com")); + assertFalse(verifier.verifyHostName("imap.google.com.", "ix*.google.com")); + assertTrue(verifier.verifyHostName("imap.google.com.", "iMap.Google.Com")); + assertTrue(verifier.verifyHostName("weird.", "weird")); + assertTrue(verifier.verifyHostName("weird.", "weird*")); + assertTrue(verifier.verifyHostName("weird.", "*weird")); + assertTrue(verifier.verifyHostName("weird.", "weird.")); + assertTrue(verifier.verifyHostName("weird.", "weird*.")); + assertFalse(verifier.verifyHostName("weird.", "weird.*")); } public void testSubjectOnlyCert() throws Exception { |