Code Review 6943219: test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ fail in linux

Chris Hegarty chris.hegarty at
Thu Apr 15 02:05:23 PDT 2010

Hi Andrew,

These tests have canned certs with 'localhost' as a subject alternative 
name in the client certificate. This fails client authentication on the 
accepted server socket if the platform returns anything other than 
'localhost' for the remote address. This can happen on Linux which 
typically has an entry localhost.localdomain in the /etc/hosts file.

The fix is to disable client hostname checking on the server side, since 
these tests were added specifically to verify the hostname checking on 
the client side. Note, this does not indicate a bug in the client 
hostname checking on the server side, just that the canned certs in this 
particular test does not fully support it.



More information about the security-dev mailing list