Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 13284acd authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Remove RESOLV_INJECT_CA_CERTIFICATE am: 3665a1c9 

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/11824578

Change-Id: Ic027ddd189ad1ef8a5b55a5b0f7dc65c9f658120
parents fbe1ab5b 3665a1c9

Android.bp

+0 −1
Original line number Diff line number Diff line
@@ -162,7 +162,6 @@ cc_library { 
        debuggable: {

            cppflags: [

                "-DRESOLV_ALLOW_VERBOSE_LOGGING=1",

                "-DRESOLV_INJECT_CA_CERTIFICATE=1",

            ],

        },

    },

DnsTlsSocket.cpp

+2 −8
Original line number Diff line number Diff line
@@ -41,11 +41,6 @@ 
#include "private/android_filesystem_config.h"  // AID_DNS

#include "resolv_private.h"



// NOTE: Inject CA certificate for internal testing -- do NOT enable in production builds

#ifndef RESOLV_INJECT_CA_CERTIFICATE

#define RESOLV_INJECT_CA_CERTIFICATE 0

#endif



namespace android {



using base::StringPrintf;
@@ -152,10 +147,9 @@ bool DnsTlsSocket::initialize() { 
    // Load system CA certs from CAPath for hostname verification.

    //

    // For discussion of alternative, sustainable approaches see b/71909242.

    if (RESOLV_INJECT_CA_CERTIFICATE && !mServer.certificate.empty()) {

    if (!mServer.certificate.empty()) {

        // Inject test CA certs from ResolverParamsParcel.caCertificate for internal testing.

        // This is only allowed by DnsResolverService if the caller is not AID_SYSTEM, and on

        // debug builds.

        // This is only allowed by DnsResolverService if the caller is not AID_SYSTEM

        LOG(WARNING) << "Setting test CA certificate. This should never happen in production code.";

        if (!setTestCaCertificate()) {

            LOG(ERROR) << "Failed to set test CA certificate";