[jdk21u-dev] RFR: 8311546: Certificate name constraints improperly validated with leading period

Aleksey Shipilev shade at openjdk.org
Fri Jan 10 15:00:53 UTC 2025


On Wed, 18 Dec 2024 15:56:26 GMT, Aleksey Shipilev <shade at openjdk.org> wrote:

> Backporting this due to wider customer interest in aligning JDK behavior with other SSL implementations. Both patches apply cleanly. First patch does the fix. Second patch fixes the test.
> 
> Additional testing:
>  - [x] macos-aarch64-server-release, new test passes with and without the change
>  - [x] macos-aarch64-server-release, `sun/security/x509/`
>  - [x] linux-x86_64-server-release, `jdk_security`

I finally figured out why regression test is not working: [JDK-8347424](https://bugs.openjdk.org/browse/JDK-8347424) -- I think I'll wait for that and mix the fix here.

-------------

PR Comment: https://git.openjdk.org/jdk21u-dev/pull/1268#issuecomment-2582898299


More information about the jdk-updates-dev mailing list