cert validation: use Android cert validation APIs

[danzh2010]

Description: add engine API to allow user config to use Android cert validation APIs. Risk Level: high Testing: added tests in Http2TestServerTest.java Docs Changes: Release Notes: Fixes #1575 Part of #2144

[danzh2010]

/retest

[danzh2010]

/retest

[danzh2010]

/retest

[danzh2010]

/retest

[danzh2010]

The java_tests_mac failure depends on the fixed mentioned in https://github.com/envoyproxy/envoy-mobile/pull/2516#issuecomment-1237169849.

[danzh2010]

/assign @ggreenway

[danzh2010]

/retest

[danzh2010]

/retest

[danzh2010]

/retest

[danzh2010]

@Augustyniak this is good for review.

[danzh2010]

/retest

[goaway]

This is very impressive, and overall looks like a good setup. Thank you, @danzh2010!

I'm not terribly concerned, just curious: is spawning a thread per outstanding cert validation something that Cronet does as well?

[danzh2010]

I'm not terribly concerned, just curious: is spawning a thread per outstanding cert validation something that Cronet does as well?

Nope, AFAIK Cronet coalesce the validations based on host name and uses a thread pool. This will be the next step.

[danzh2010]

/retest

[danzh2010]

/retest

[danzh2010]

/retest

[Augustyniak]

/retest

[Augustyniak]

@goaway can you re-review/approve this PR? I think that your concerns have been addressed

[danzh2010]

Friendly ping on this :)

[Augustyniak]

@goaway I am going to merge this PR as I think that your concerns with regard to configuration template have been addressed.