RFR: JDK-8260925: HttpsURLConnection does not work with other JSSE provider.
Daniel Fuchs
dfuchs at openjdk.java.net
Tue Mar 2 15:06:41 UTC 2021
On Tue, 2 Mar 2021 14:39:43 GMT, Vyom Tewari <vtewari at openjdk.org> wrote:
>> src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 569:
>>
>>> 567: SSLParameters paramaters = s.getSSLParameters();
>>> 568: paramaters.setEndpointIdentificationAlgorithm("HTTPS");
>>> 569: paramaters.setServerNames(Collections.singletonList(new SNIHostName(host)));
>>
>> What if the SSL Layer has already an SNIHostName configured? Is there a risk that this will introduce regressions in such cases?
>
> May be i am not sure, we may need this code change to review by security expert. I am setting "SNIHostName" only if "isDefaultHostnameVerifier" is true(If the HNV is the default from HttpsURLConnection) so there should not be problem.
Did you try to run the httpclient tests? They make use of the httpserver - so they can also serve to test it - somewhat.
More generally - please run jdk_net/tier2 tests.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2583
More information about the net-dev
mailing list