Add a factory for HostnameVerifiers
Florian Weimer
fweimer at redhat.com
Wed Nov 28 13:55:09 UTC 2012
The attached patch adds a new class
javax.net.ssl.HostnameVerifierFactory, along with an SPI class and an
implementation. This allows TLS clients to perform host name
verification without referring to the internal HostnameChecker class.
I've updated the existing TLS test case for Kerberos to include host
name checking, and a new test case for host name verification with
certificate authentication. It turns out that HostnameChecker does not
quite implement the algorithm from RFC 2818 (I think only a single
wildcard per entire name is allowed by the RFC), but that could be
changed in a separate patch.
--
Florian Weimer / Red Hat Product Security Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hostnameverifierfactory.patch
Type: text/x-patch
Size: 30123 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20121128/5003da9a/hostnameverifierfactory.patch>
More information about the security-dev
mailing list