summaryrefslogtreecommitdiff
path: root/docs/html/sdk/api_diff/11/changes
diff options
context:
space:
mode:
authorMike Yu <yumike@google.com>2020-06-22 06:56:39 +0000
committerMike Yu <yumike@google.com>2020-06-22 08:57:49 +0000
commit1a5e45e37d335a6b0fb33b54901c0db4bf1efb1a (patch)
treef8b7dd9daecbab4a01a8acfe9ca78b56bef26f72 /docs/html/sdk/api_diff/11/changes
parent7ce578a3591f46d6af96a6dd720e1cdf8d3af961 (diff)
Support DNS-over-TLS probes in NetworkDiagnostics
Probe DNS servers to see they support DNS-over-TLS. Use system CAs to verify whether the certificates sent by DNS servers are trusted or not. An error is thrown to cause the probe failed if DNS servers send untrusted certificates. Unlike the DnsResolver which doesn't verify the certificates in opportunistic mode, all of the DoT probes from NetworkDiagnostics check certificates. DoT probes apply to the DNS servers gotten from LinkProperties and the DoT servers gotten from PrivateDnsConfig whatever private DNS mode is. A common example in DNS strict mode: . DNS TLS dst{8.8.8.8} hostname{dns.google} src{192.168.43.2:48436} qtype{1} qname{815149-android-ds.metric.gstatic.com}: SUCCEEDED: 1/1 NOERROR (432ms) F DNS TLS dst{192.168.43.144} hostname{}: FAILED: java.net.ConnectException: failed to connect to /192.168.43.144 (port 853) from /192.168.43.2 (port 41770) after 2500ms: isConnected failed: ECONNREFUSED (Connection refused) (172ms) . DNS TLS dst{8.8.4.4} hostname{dns.google} src{192.168.43.2:37598} qtype{1} qname{759312-android-ds.metric.gstatic.com}: SUCCEEDED: 1/1 NOERROR (427ms) An example when the CA is not trusted: F DNS TLS dst{8.8.8.8} hostname{dns.google}: FAILED: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. (16ms) An example when TCP/TLS handshake timeout: F DNS TLS dst{8.8.8.8} hostname{dns.google}: FAILED: java.net.SocketTimeoutException: failed to connect to /8.8.8.8 (port 853) from /192.168.2.108 (port 45680) after 2500ms (2514ms) Bug: 132925257 Bug: 118369977 Test: atest FrameworksNetTests Original-Change: https://android-review.googlesource.com/1011670 Merged-In: I1b54abed0e931ca4b8a97149459cde54da1c3d6f Change-Id: I1b54abed0e931ca4b8a97149459cde54da1c3d6f
Diffstat (limited to 'docs/html/sdk/api_diff/11/changes')
0 files changed, 0 insertions, 0 deletions