[jdk8u-dev] RFR: 8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled [v2]
Roman Marchenko
rmarchenko at openjdk.org
Wed Jan 18 07:34:39 UTC 2023
On Wed, 18 Jan 2023 07:29:46 GMT, Roman Marchenko <rmarchenko at openjdk.org> wrote:
>> _Almost_ clean backport.
>>
>> JDK8 has the same issue with processing host names for SNI. It'd be good to keep JDK8 up to date with the upstream. No risks.
>>
>> There were 2 changes with test files paths:
>>
>> - Original `test/jdk/javax/net/ssl/ServerName/EndingDotHostname.java` added and moved to `jdk/test/javax/net/ssl/ServerName/EndingDotHostname.java`.
>> - Original `test/jdk/javax/net/ssl/templates/SSLExampleCert.java` added and moved to `jdk/test/javax/net/ssl/templates/SSLExampleCert.java`.
>>
>> And the original changes use JDK17 strings in `SSLExampleCert.java`, so it was adapted for JDK8 withthe additional commit as it was done for JDK11 backport.
>>
>> Please note that new test added by the change fails for now because of the certs are expired in March, 2022. To fix this, there are additional JDK fixes being backported as dependant PRs
>>
>> - #206
>> - #207
>
> Roman Marchenko has updated the pull request incrementally with one additional commit since the last revision:
>
> Fixed strings format
The original changes use JDK17 strings in `SSLExampleCert.java`, so it was adapted for JDK8 withthe additional commit as it was done for JDK11 backport.
-------------
PR: https://git.openjdk.org/jdk8u-dev/pull/205
More information about the jdk8u-dev
mailing list