RFR: JDK-8260925: HttpsURLConnection does not work with other JSSE provider. [v4]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Wed Mar 3 16:19:44 UTC 2021


On Wed, 3 Mar 2021 15:10:54 GMT, Vyom Tewari <vtewari at openjdk.org> wrote:

>> HttpsURLConnection, works with SunJSSE provider but does not work with other JSSE provider. In case of SunJSSE , HttpsURLConnection set the host name as follows
>> 
>> s = (SSLSocket)serverSocket;
>>    if (s instanceof SSLSocketImpl) {
>>           ((SSLSocketImpl)s).setHost(host);
>>    } 
>> 
>> But in case of other providers(BouncyCastleProvider )  host will not get set and "java.security.cert.CertificateException: No subject alternative name found matching IP address" exception will be thrown.
>
> Vyom Tewari has updated the pull request incrementally with one additional commit since the last revision:
> 
>   reverted the overly deleted else block

src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 566:

> 564:                     SSLParameters paramaters = s.getSSLParameters();
> 565:                     paramaters.setEndpointIdentificationAlgorithm("HTTPS");
> 566:                     paramaters.setServerNames(List.of(new SNIHostName(host)));

Thank you for taking my comment.  But I may not update line 456-458.  A safer update may be in line 566, for example:
+    // The host has been set for SSLSocketImp previously.
+    if (!(s instanced SSLSocketImpl)) {
          paramaters.setServerNames(List.of(new SNIHostName(host)));
+    }

-------------

PR: https://git.openjdk.java.net/jdk/pull/2583


More information about the net-dev mailing list