DO NOT MERGE Revert "Remove workaround for *.clients.google.com."
This reverts commit 319e20e0b273b64fb567f73912f71dd33f77b516.
Turns out some apps that connect to android.clients.google.com
still do not use SNI and thus get served a server cert for
*.google.com.
Bug: 5426333
Bug: 16635883
Change-Id: I0b2b106c04aeb46f76d2e6a89076390bec3ef00f
diff --git a/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java b/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
index 65c8b03..fa11371 100644
--- a/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
+++ b/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
@@ -154,7 +154,10 @@
int suffixLength = cn.length() - (asterisk + 1);
int suffixStart = hostName.length() - suffixLength;
if (hostName.indexOf('.', asterisk) < suffixStart) {
- return false; // wildcard '*' can't match a '.'
+ // TODO: remove workaround for *.clients.google.com http://b/5426333
+ if (!hostName.endsWith(".clients.google.com")) {
+ return false; // wildcard '*' can't match a '.'
+ }
}
if (!hostName.regionMatches(suffixStart, cn, asterisk + 1, suffixLength)) {
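Review bot: The exemption at `if (!hostName.endsWith(".clients.google.com"))` is keyed only on the requested host name, so for any such host the `*` of whatever pattern is being checked may span several labels, not only the `*.google.com` certificate the commit message describes. Tying the relaxation to that one pattern would keep single-label wildcard matching for every other certificate, e.g. `if (!(hostName.endsWith(".clients.google.com") && cn.equals("*.google.com"))) {`, assuming `cn` and `hostName` are already lower-cased at this point, which the hunk does not show. The TODO should also state the removal condition (all affected clients sending SNI) and cite both bugs listed in the commit message, for example `// TODO: remove once all clients of android.clients.google.com send SNI (b/5426333, b/16635883)`. The enclosing method starts and ends outside the hunk, so the earlier checks on `cn` could not be reviewed here.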