Store the entire certificate revocation list locally - platform/frameworks/base

diff options

author	Tom Chan <tomchan@google.com>	2025-02-19 21:13:48 +0000
committer	Tom Chan <tomchan@google.com>	2025-02-21 19:42:40 +0000
commit	cf1648107aab44b4fdcee1a2a96ec9abb6e0c2a7 (patch)
tree	3de45f9e24f3eebb107896a83ca9f00096b12bdc /libs/androidfw/StringPool.cpp
parent	3cf302173647ce5c5269358225c2f496bdb34c50 (diff)

Store the entire certificate revocation list locally

Compared to the previous approach which stores previously seen <certificate, last-checked-date> pairs, storing the entire CRL avoids edge cases where a rotated certificate causes an attestation failure because it is not seen before. Test: Manually, also atest AttestationVerificationTest:com.android.server.security.CertificateRevocationStatusManagerTest Bug: 389088384 Flag: EXEMPT bug fix Change-Id: Ia7ae905018d140ff76671d5eb5fc911acaa94897

Diffstat (limited to 'libs/androidfw/StringPool.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: