Code Review 6943219: test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java fail in linux

Xuelei Fan Xuelei.Fan at Sun.COM
Thu Apr 15 03:53:35 PDT 2010


Looks fine to me.

Thanks,
Andrew

On 4/15/2010 5:05 PM, Chris Hegarty wrote:
> Hi Andrew,
> 
> These tests have canned certs with 'localhost' as a subject alternative
> name in the client certificate. This fails client authentication on the
> accepted server socket if the platform returns anything other than
> 'localhost' for the remote address. This can happen on Linux which
> typically has an entry localhost.localdomain in the /etc/hosts file.
> 
> The fix is to disable client hostname checking on the server side, since
> these tests were added specifically to verify the hostname checking on
> the client side. Note, this does not indicate a bug in the client
> hostname checking on the server side, just that the canned certs in this
> particular test does not fully support it.
> 
> Webrev:
>   http://cr.openjdk.java.net/~chegar/6943219/webrev.00/webrev/
> 
> -Chris.




More information about the security-dev mailing list