Loading Android.bp +0 −1 Original line number Diff line number Diff line Loading @@ -166,7 +166,6 @@ cc_library { debuggable: { cppflags: [ "-DRESOLV_ALLOW_VERBOSE_LOGGING=1", "-DRESOLV_INJECT_CA_CERTIFICATE=1", ], }, }, Loading DnsTlsSocket.cpp +2 −8 Original line number Diff line number Diff line Loading @@ -41,11 +41,6 @@ #include "private/android_filesystem_config.h" // AID_DNS #include "resolv_private.h" // NOTE: Inject CA certificate for internal testing -- do NOT enable in production builds #ifndef RESOLV_INJECT_CA_CERTIFICATE #define RESOLV_INJECT_CA_CERTIFICATE 0 #endif namespace android { using base::StringPrintf; Loading Loading @@ -152,10 +147,9 @@ bool DnsTlsSocket::initialize() { // Load system CA certs from CAPath for hostname verification. // // For discussion of alternative, sustainable approaches see b/71909242. if (RESOLV_INJECT_CA_CERTIFICATE && !mServer.certificate.empty()) { if (!mServer.certificate.empty()) { // Inject test CA certs from ResolverParamsParcel.caCertificate for internal testing. // This is only allowed by DnsResolverService if the caller is not AID_SYSTEM, and on // debug builds. // This is only allowed by DnsResolverService if the caller is not AID_SYSTEM LOG(WARNING) << "Setting test CA certificate. This should never happen in production code."; if (!setTestCaCertificate()) { LOG(ERROR) << "Failed to set test CA certificate"; Loading Loading
Android.bp +0 −1 Original line number Diff line number Diff line Loading @@ -166,7 +166,6 @@ cc_library { debuggable: { cppflags: [ "-DRESOLV_ALLOW_VERBOSE_LOGGING=1", "-DRESOLV_INJECT_CA_CERTIFICATE=1", ], }, }, Loading
DnsTlsSocket.cpp +2 −8 Original line number Diff line number Diff line Loading @@ -41,11 +41,6 @@ #include "private/android_filesystem_config.h" // AID_DNS #include "resolv_private.h" // NOTE: Inject CA certificate for internal testing -- do NOT enable in production builds #ifndef RESOLV_INJECT_CA_CERTIFICATE #define RESOLV_INJECT_CA_CERTIFICATE 0 #endif namespace android { using base::StringPrintf; Loading Loading @@ -152,10 +147,9 @@ bool DnsTlsSocket::initialize() { // Load system CA certs from CAPath for hostname verification. // // For discussion of alternative, sustainable approaches see b/71909242. if (RESOLV_INJECT_CA_CERTIFICATE && !mServer.certificate.empty()) { if (!mServer.certificate.empty()) { // Inject test CA certs from ResolverParamsParcel.caCertificate for internal testing. // This is only allowed by DnsResolverService if the caller is not AID_SYSTEM, and on // debug builds. // This is only allowed by DnsResolverService if the caller is not AID_SYSTEM LOG(WARNING) << "Setting test CA certificate. This should never happen in production code."; if (!setTestCaCertificate()) { LOG(ERROR) << "Failed to set test CA certificate"; Loading