Add a factory for HostnameVerifiers
Florian Weimer
fweimer at redhat.com
Thu Nov 29 12:57:11 UTC 2012
On 11/28/2012 03:59 PM, Xuelei Fan wrote:
> What's the motivation of the proposal?
>
> It's more preferable to use the new X509ExtendedTrustManager and proper
> endpoint identification algorithm to do hostname verification. Does the
> new endpoint identification approach works for you?
Oops, I missed hat. I think I saw it before, but I forgot about it.
Maybe it would make sense to add a hint to the HostnameVerifier
interface? The documentation is also a bit ambiguous about the
applicability of the host name check to the TLSv1 SSLContext.
Would it be possible to backport the
javax.net.ssl.SSLParameters.setEndpointIdentificationAlgorithm(String)
method to OpenJDK 6, without introducing the X509ExtendedTrustManager class?
--
Florian Weimer / Red Hat Product Security Team
More information about the security-dev
mailing list