RFR: JDK-8260925: HttpsURLConnection does not work with other JSSE provider. [v4]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Wed Mar 3 16:19:44 UTC 2021
On Wed, 3 Mar 2021 15:10:54 GMT, Vyom Tewari <vtewari at openjdk.org> wrote:
>> HttpsURLConnection, works with SunJSSE provider but does not work with other JSSE provider. In case of SunJSSE , HttpsURLConnection set the host name as follows
>>
>> s = (SSLSocket)serverSocket;
>> if (s instanceof SSLSocketImpl) {
>> ((SSLSocketImpl)s).setHost(host);
>> }
>>
>> But in case of other providers(BouncyCastleProvider ) host will not get set and "java.security.cert.CertificateException: No subject alternative name found matching IP address" exception will be thrown.
>
> Vyom Tewari has updated the pull request incrementally with one additional commit since the last revision:
>
> reverted the overly deleted else block
src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 566:
> 564: SSLParameters paramaters = s.getSSLParameters();
> 565: paramaters.setEndpointIdentificationAlgorithm("HTTPS");
> 566: paramaters.setServerNames(List.of(new SNIHostName(host)));
Thank you for taking my comment. But I may not update line 456-458. A safer update may be in line 566, for example:
+ // The host has been set for SSLSocketImp previously.
+ if (!(s instanced SSLSocketImpl)) {
paramaters.setServerNames(List.of(new SNIHostName(host)));
+ }
-------------
PR: https://git.openjdk.java.net/jdk/pull/2583
More information about the net-dev
mailing list