[jdk8u-dev] RFR: 8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled
Andrew John Hughes
andrew at openjdk.org
Wed Jan 4 01:46:01 UTC 2023
On Fri, 9 Dec 2022 09:39:45 GMT, Roman Marchenko <rmarchenko at openjdk.org> wrote:
> Actually clean backport.
>
> JDK8 has the same issue with processing host names for SNI. It'd be good to keep JDK8 up to date with the upstream. No risks.
>
> There were 2 conflicts with test files paths:
>
> - Original `test/jdk/javax/net/ssl/ServerName/EndingDotHostname.java` added and moved to `jdk/test/javax/net/ssl/ServerName/EndingDotHostname.java`.
> - Original `test/jdk/javax/net/ssl/templates/SSLExampleCert.java` added and moved to `jdk/test/javax/net/ssl/templates/SSLExampleCert.java`.
>
> Please note that new test added by the change fails for now because of the certs are expired in March, 2022. To fix this, there are additional JDK fixes being backported as dependant PRs
>
> - #206
> - #207
Clean backport, simple bug fix.
This has a `jdk8u-fix-yes` approval already. Please run the `integrate` command and then one of us can sponsor this to get it in.
-------------
Marked as reviewed by andrew (Reviewer).
PR: https://git.openjdk.org/jdk8u-dev/pull/205
More information about the jdk8u-dev
mailing list