[jdk8u-dev] Integrated: 8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled
Roman Marchenko
rmarchenko at openjdk.org
Thu Jan 19 12:58:56 UTC 2023
On Fri, 9 Dec 2022 09:39:45 GMT, Roman Marchenko <rmarchenko at openjdk.org> wrote:
> _Almost_ clean backport.
>
> JDK8 has the same issue with processing host names for SNI. It'd be good to keep JDK8 up to date with the upstream. No risks.
>
> There were 2 changes with test files paths:
>
> - Original `test/jdk/javax/net/ssl/ServerName/EndingDotHostname.java` added and moved to `jdk/test/javax/net/ssl/ServerName/EndingDotHostname.java`.
> - Original `test/jdk/javax/net/ssl/templates/SSLExampleCert.java` added and moved to `jdk/test/javax/net/ssl/templates/SSLExampleCert.java`.
>
> And the original changes use JDK17 strings in `SSLExampleCert.java`, so it was adapted for JDK8 withthe additional commit as it was done for JDK11 backport.
>
> Please note that new test added by the change fails for now because of the certs are expired in March, 2022. To fix this, there are additional JDK fixes being backported as dependant PRs
>
> - #206
> - #207
This pull request has now been integrated.
Changeset: 55254644
Author: Roman Marchenko <rmarchenko at openjdk.org>
Committer: Paul Hohensee <phh at openjdk.org>
URL: https://git.openjdk.org/jdk8u-dev/commit/55254644f78cc8c67cf6b8bc46cf10676da5fe5e
Stats: 613 lines in 4 files changed: 610 ins; 0 del; 3 mod
8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled
Reviewed-by: yan, andrew
Backport-of: a95ee5ada230a0177517efd3a417f319066169dd
-------------
PR: https://git.openjdk.org/jdk8u-dev/pull/205
More information about the jdk8u-dev
mailing list