[RFR]: 8220575: Replace hardcoded 127.0.0.1 in URLs with new URI builder

Arthur Eubanks aeubanks at google.com
Wed Mar 27 17:58:10 UTC 2019 

>
> 1) The following test fails with this change, when run on an IPv6-only
>     environment. The reason is that it contains a certificate that has
>     the IPv4 loopback address, 127.0.0.1.
>
>
> sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java
>
>     Caused by: java.security.cert.CertificateException: No subject
> alternative names matching IP address 0:0:0:0:0:0:0:1 found
>         at
>
> java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:164)
>         at
> java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:100)
>         at
>
> java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:447)
>         at
>
> java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:422)
>         at
>
> java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:233)
>         at
>
> java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
>         at
>
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1315)
>         ... 26 more
>
>     Maybe we re-create the certificate with a SAN of ::1 in a follow-on
>     issue.
>
Yes, I was planning on addressing this in a future change.

>
> ---
>
> 2) It is worth nothing that the following tests do not strictly need to
>     be updated, as they either; do not make network connections, or test
>     part of the implementation prior to the network connection:
>
>     java/net/HttpCookie/ExpiredCookieTest.java
>     java/net/ProxySelector/NullSelector.java
>     java/net/HttpURLConnection/NoProxyTest.java
>     java/net/URLPermission/OpenURL.java
>
>     That said, it is good to clean these up and remove the hardcoded
>     IPv4 address.
> ---
>
> 3) The following tests pass on an ipv6-only environment, even without
>     the changes. The tests catch and swallow the IOException "Network is
>     unreachable", when they should not.
>
>     com/sun/net/httpserver/bugs/B6401598.java
>     com/sun/net/httpserver/bugs/B6373555.java
>
>     I can file a separate issue for these, since it is unrelated.

Sounds good.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/net-dev/attachments/20190327/1f899ada/attachment.html>

More information about the net-dev mailing list