Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9af96f85 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Remove RESOLV_INJECT_CA_CERTIFICATE" am: 5b757efb am: c5bc85b9 

Original change: https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1210063

Change-Id: I4be9fd8f4ef12f6490a5ac1b3e37a1cc58b9313e
parents 9df24f9d c5bc85b9

Android.bp

+0 −1
Original line number Diff line number Diff line
@@ -167,7 +167,6 @@ cc_library { 
        debuggable: {

            cppflags: [

                "-DRESOLV_ALLOW_VERBOSE_LOGGING=1",

                "-DRESOLV_INJECT_CA_CERTIFICATE=1",

            ],

        },

    },

DnsTlsSocket.cpp

+2 −8
Original line number Diff line number Diff line
@@ -41,11 +41,6 @@ 
#include "private/android_filesystem_config.h"  // AID_DNS

#include "resolv_private.h"



// NOTE: Inject CA certificate for internal testing -- do NOT enable in production builds

#ifndef RESOLV_INJECT_CA_CERTIFICATE

#define RESOLV_INJECT_CA_CERTIFICATE 0

#endif



namespace android {



using base::StringPrintf;
@@ -152,10 +147,9 @@ bool DnsTlsSocket::initialize() { 
    // Load system CA certs from CAPath for hostname verification.

    //

    // For discussion of alternative, sustainable approaches see b/71909242.

    if (RESOLV_INJECT_CA_CERTIFICATE && !mServer.certificate.empty()) {

    if (!mServer.certificate.empty()) {

        // Inject test CA certs from ResolverParamsParcel.caCertificate for internal testing.

        // This is only allowed by DnsResolverService if the caller is not AID_SYSTEM, and on

        // debug builds.

        // This is only allowed by DnsResolverService if the caller is not AID_SYSTEM

        LOG(WARNING) << "Setting test CA certificate. This should never happen in production code.";

        if (!setTestCaCertificate()) {

            LOG(ERROR) << "Failed to set test CA certificate";