Skip to content
Browse files

Fix a bug in OkHostnameVerifier wildcard handling.

Wildcard domain name patterns of the form *.remainder are supposed to
match domain names that exactly match the remainder. Due to a bug,
the match was not exact but rather a prefix match: domain names
starting with the remainder would match too.

This CL fixes the issue.

(cherry picked from commit a03ec4ced2b11f9eae6cbeeedb1db2b1b29fafb1)

Bug: 18432707
Change-Id: Ie40b71a26df1ac2a972341e7b3b40dd9cf38e8b1
  • Loading branch information...
klyubin authored and andi34 committed Nov 19, 2014
1 parent b6b72da commit eae39447887e66fa3e27eb664245625e5cf2720f
@@ -162,7 +162,7 @@ public boolean verifyHostName(String hostName, String cn) {
return hostName.equals(cn);

if (cn.startsWith("*.") && hostName.regionMatches(0, cn, 2, cn.length() - 2)) {
if (cn.startsWith("*.") && hostName.equals(cn.substring(2))) {
return true; // "*" matches ""

@@ -293,6 +293,7 @@
assertTrue(verifier.verify("", session));
assertTrue(verifier.verify("\u82b1\", session));
assertFalse(verifier.verify("", session));
assertFalse(verifier.verify("", session));

@Test public void verifyWilcardCnOnTld() throws Exception {

0 comments on commit eae3944

Please sign in to comment.
You can’t perform that action at this time.