Code Review 6943219: test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java fail in linux
Chris Hegarty
chris.hegarty at oracle.com
Thu Apr 15 09:05:23 UTC 2010
Hi Andrew,
These tests have canned certs with 'localhost' as a subject alternative
name in the client certificate. This fails client authentication on the
accepted server socket if the platform returns anything other than
'localhost' for the remote address. This can happen on Linux which
typically has an entry localhost.localdomain in the /etc/hosts file.
The fix is to disable client hostname checking on the server side, since
these tests were added specifically to verify the hostname checking on
the client side. Note, this does not indicate a bug in the client
hostname checking on the server side, just that the canned certs in this
particular test does not fully support it.
Webrev:
http://cr.openjdk.java.net/~chegar/6943219/webrev.00/webrev/
-Chris.
More information about the security-dev
mailing list