d3af962081
This allows for faster lookups of TrustAnchors when checking pin overrides without needing to iterate over all certificates. Currently only the system and user trusted certificate store are optimized to avoid reading the entire source before doing the trust anchor lookup, improvements to the resource source will come in a later commit. This also refactors System/UserCertificateSource to avoid code duplication. Change-Id: Ice00c5e047140f3d102306937556b761faaf0d0e
21 lines
759 B
XML
21 lines
759 B
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<network-security-config>
|
|
<!-- Entry with a bad pin. Connections to this will only succeed if overridePins is set. -->
|
|
<domain-config>
|
|
<domain>android.com</domain>
|
|
<pin-set>
|
|
<pin digest="SHA-256">aaaaaaaaIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=</pin>
|
|
</pin-set>
|
|
<trust-anchors>
|
|
<certificates src="system" overridePins="false" />
|
|
</trust-anchors>
|
|
</domain-config>
|
|
<!-- override that contains all of the system CA store. This should completely override the
|
|
anchors in the domain config-above with ones that have overridePins set. -->
|
|
<debug-overrides>
|
|
<trust-anchors>
|
|
<certificates src="system" />
|
|
</trust-anchors>
|
|
</debug-overrides>
|
|
</network-security-config>
|