Cronvoy: support Android TLS mechanism

Android must control the available root certificates, as users can choose to revoke certificates on their Android devices. Hence, Android provides a Java API to verify a Server certificate. As usual, Cronet has a Java layer allowing JNI interactions with related Android system libraries. That Cronet layer is fairly complex:

- [```AndroidNetworkLibrary.verifyServerCertificates```](https://source.chromium.org/chromium/chromium/src/+/main:net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java;l=108): that's the main method.
- [```AndroidCertVerifyResult```](https://source.chromium.org/chromium/chromium/src/+/main:net/android/java/src/org/chromium/net/AndroidCertVerifyResult.java): this is the response to the above method. Requires some JNI invocations from the C++ layer to extirpate the data.
- [```X509Util```](https://source.chromium.org/chromium/chromium/src/+/main:net/android/java/src/org/chromium/net/X509Util.java): that's where the subtle details reside. There are more JNI invocations in there.

Also, to help with testing, there are two methods dealing with root certificates:
- [```AndroidNetworkLibrary.addTestRootCertificate```](https://source.chromium.org/chromium/chromium/src/+/main:net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java;l=132)
- [```AndroidNetworkLibrary.clearTestRootCertificates```](https://source.chromium.org/chromium/chromium/src/+/main:net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java;l=142)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cronvoy: support Android TLS mechanism #1575

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Cronvoy: support Android TLS mechanism #1575

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions