Skip to content

GitLab

Switch branch/tag
  1. 15 Jan, 2011 2 commits
  3. 14 Jan, 2011 5 commits
  5. 13 Jan, 2011 1 commit
  7. 11 Jan, 2011 1 commit
    • Elliott Hughes's avatar
      Fix Double.toString. · 30ae871a
      Elliott Hughes authored 
      I accidentally changed unsigned division to signed division here in gingerbread.

Bug: 3238333
Change-Id: I72cb80adbfc12082a222310929c90f8740b568da
      30ae871a
  9. 10 Jan, 2011 1 commit
  11. 08 Jan, 2011 2 commits
  13. 07 Jan, 2011 1 commit
  15. 06 Jan, 2011 1 commit
  17. 05 Jan, 2011 2 commits
  19. 28 Dec, 2010 1 commit
  21. 16 Dec, 2010 1 commit
    • Brian Carlstrom's avatar
      HttpsURLConnection retry should not invoke X509TrustManager and HostnameVerifier more than once · 2915378e
      Brian Carlstrom authored 
      Summary:

In 2.3, HttpsURLConnection was change to retry TLS connections as SSL
connections w/o compression to deal with servers that are TLS
intolerant. However, if the handshake proceeded to the point of
invoking the X509TrustManager, we should not retry. Similarly, if we
should not invoke the HostnameVerifier repeatedly, and need to wait
until the SSL handshake has completed.

Tested with (includes two new tests for this issue):
	libcore/luni/src/test/java/libcore/javax/net/ssl/
	libcore/luni/src/test/java/libcore/java/net/URLConnectionTest.java
	libcore/luni/src/test/java/org/apache/harmony/luni/tests/internal/net/www/protocol/https/HttpsURLConnectionTest.java

Details:

    HttpConnection.setupSecureSocket has been broken into two
    pieces. setupSecureSocket now just does the SSL
    handshaking. verifySecureSocketHostname now does the
    verification. The old HttpConnection code was careful never to
    assign its sslSocket field until verification was complete. A new
    unverifiedSocket field is added to store the sslSocket before
    verification is completed by verifySecureSocketHostname.

	luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java

    HttpsEngine.makeConnection now skips TLS intolerant retry if the
    reason for the makeSslConnection failure was a
    CertificateException, since that implies that we failed during
    certification validation after initial handshaking. We also
    prevent retrying hostname verification by moving it out of
    makeSslConnection and only doing it on new SSL connections,
    tracking the changes to HttpConnection.setupSecureSocket mentioned
    above. We also now skip the redundant call to setUpTransportIO in
    makeSslConnection on reused SSLSockets.

	luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/https/HttpsURLConnectionImpl.java

    Instead of throwing away the underlying CertificateExceptions, set
    them as the cause of the SSLExceptions. This is what the RI does
    in the case of X509TrustManager failures and is now used by
    HttpsEngine.makeConnection.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    Added new testConnectViaHttpsToUntrustedServer which makes sure
    that connections are not retried on certificate verification
    failure.

	luni/src/test/java/libcore/java/net/URLConnectionTest.java

    Added new test_SSLSocket_untrustedServer that verifies that an
    SSLHandshakeException is thown containing a CertificateException
    is thrown on certificate verification problems.

	luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java

    Added second test CA and a new TestKeyStore.getClientCA2 test key
    store that does not trust the primary test key stores. This is
    useful for negative testing and is used in the above two new
    tests.

	support/src/test/java/libcore/java/security/TestKeyStore.java

Issue: http://code.google.com/p/android/issues/detail?id=13178
Bug: 3292412

Change-Id: I37136bb65f04d2bceaf2f32f542d6432c8b76ad4
      2915378e
  23. 15 Dec, 2010 1 commit
  25. 10 Dec, 2010 1 commit
    • Jesse Wilson's avatar
      Fix various issues in CopyOnWriteArrayList discovered by Google Collections' test suite: · fcd6cf98
      Jesse Wilson authored 
      Fixed CopyOnWriteArrayList problems:
- addAll() doesn't return true if the collection is empty
- clear() fails on an empty list
- containsAll() doesn't return true if the collection is empty
- subList() fails on an empty range
- subList() doesn't implement equals(), hashCode() or toString()

Fixed CopyOnWriteArraySet problems:
- addAll() adds duplicates if the added collection contains duplicates
- equals() throws NullPointerException if this is empty

The following issues aren't fixed:
- the iterator throws UnsupportedOperationException when it should throw
  IllegalStateException
- sublists don't reflect non-structural changes in the underlying list

http://b/3270784
Change-Id: I8c174e4ceda1ff964e2ad8224fa7338dac552288
      fcd6cf98
  27. 07 Dec, 2010 1 commit
    • Elliott Hughes's avatar
      Targeted backport of a java.util.Inflater fix. · 2ff37ac3
      Elliott Hughes authored 
      This has been causing trouble for Gmail. The original fix cleaned up large
parts of the java.util.zip code; this just contains the active ingredient.

(I've excluded the error-handling change to this same function because
that hasn't been tested in the real world yet.)

Bug: 3220923
Change-Id: Ib4bc585a45061ef55c29f09f2bd650c772aab64d
      2ff37ac3
  29. 01 Dec, 2010 1 commit
  31. 17 Nov, 2010 2 commits
    • Brian Carlstrom's avatar
      HttpsURLConnection fixes to pass URLConnectionTest and HttpsURLConnectionTest · dbc42ad9
      Brian Carlstrom authored 
          Add public getSecureSocket so that HttpsURLConnection can reset its sslSocket field on reused connections.

        luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java

    discardIntermediateResponse now maintain old values for
    intermediateReponse, which is necessary when retrying the CONNECT
    method with proxy authorization.

        luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpURLConnectionImpl.java

    Clear sslSocket before retrying makeSslConnection to ensure we reconnect.
    makeSslConnection now resets sslSocket on resumed connection.
    makeSslConnection now exits early on existing connection.

        luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/https/HttpsURLConnectionImpl.java

git cherry-pick -e 4df5be29
Bug: 3184701
Change-Id: Ida3c027f79e5e29968263ac761d4f4f79d063a27
      dbc42ad9
    • Brian Carlstrom's avatar
      HttpsURLConnectionTest rewrite and URLConnectionTest updates · 5bcbe1c8
      Brian Carlstrom authored 
      Rewrote HttpsURLConnectionTest to work with current SSLSocket
implementation which more strictly follows RI behavior.

Also made upates to URLConnectionTest related to HttpsURLConnection
- changed assertContent call connect() explictly to illustrate problem
  with https proxy case also seen by HttpsURLConnectionTest
- Rewrote testConnectTimeouts to work reliably. Before if often
  worked on WiFi but not on mobile networks where a "HTTP/1.1 501 Bad
  Gateway" would be seen causing a FileNotFoundException.
- Changed testConnectViaHttpProxyToHttpsUsingHttpProxySystemProperty
  to match expectation that https does not use the http.proxyHost
  values. Added new testConnectViaHttpProxyToHttpsUsingProxyArgWithNoProxy
  which should have the same behavior as the fixed
  testConnectViaHttpProxyToHttpsUsingHttpProxySystemProperty

git cherry-pick -e f02c695e

Bug: 3184701
Change-Id: Id25f619d2437db607deaf35aeb1d5e817514b92f
      5bcbe1c8
  33. 16 Nov, 2010 1 commit
    • Brian Carlstrom's avatar
      Propagate pending exception from cert_client_cb · 3825a7f6
      Brian Carlstrom authored 
      There can be a pending exception in the cert_client_cb if the server
certificate failed verification and the server requested a client
certificate. Since the handshake is going to be terminated, just
return from client_cert_cb immediately indicating no client cert will be
provided, allowing the existing exception to propagate.

Bug: 3149826
git cherry-pick 30a77f31

Bug: 3184701
Change-Id: I58b038267f66d6b5f80e9f3d81ff1c0f8052ef27
      3825a7f6
  35. 09 Nov, 2010 2 commits
  37. 04 Nov, 2010 1 commit
  39. 01 Nov, 2010 1 commit
    • Brian Carlstrom's avatar
      Avoid races between OpenSSLSocketImpl I/O and close() · aa37a8aa
      Brian Carlstrom authored 
      The previous change:

    commit 5f2e6872
    Author: Brian Carlstrom <bdc@google.com>
    Date:   Mon Aug 23 14:06:51 2010 -0700

    SSLSocket.read should throw SocketException not NullPointerException

added checkOpen() to throw SocketException instead of
NullPointerException, but there was still a race between read/write on
one thread and close on another that could allow a
NullPointerException to escape. This change moves checkOpen() calls to
be protected by the existing writeLock/readLock/handshakeLock
synchronzied blocks to avoid this case.

byte buffer error checking for read/write is also moved into the to
lock region to preserve compatability as measured by the test:
    libcore.javax.net.ssl.SSLSocketTest#test_SSLSocket_close

Bug: 3153162
      aa37a8aa
  41. 30 Oct, 2010 1 commit
  43. 29 Oct, 2010 1 commit
  45. 27 Oct, 2010 1 commit
  47. 26 Oct, 2010 2 commits
  49. 25 Oct, 2010 1 commit
  51. 22 Oct, 2010 5 commits