[TOFU] Start with the Android trust store
For devices with supplicant AIDL v2 and up, start the TOFU process
with the default Android trust store, to enable networks that use
a globally trusted CA and do not include it in the TLS handshake.
This will allow the use of Root CA validation of the server cert
instead of using cert pinning.
If a server is using a Root CA that is in the Android trust store,
update the configuration of that connection to use the system
certificates. This will allow continuous service without
interruptions even if the server changes a Root CA provider.
Bug: 271921032
Test: Connect successfully and securely to WPA-Enterprise networks:
* Globally trusted Root CA
* Private Root CA with intermediates
* Partial / leaf only chain
Change-Id: Ib5d870fce696ce8f051e6b7acd0329e1eb7255f9
5 files changed