Add a factory for HostnameVerifiers
Xuelei Fan
xuelei.fan at oracle.com
Fri Nov 30 00:28:25 UTC 2012
On 11/29/2012 8:57 PM, Florian Weimer wrote:
> On 11/28/2012 03:59 PM, Xuelei Fan wrote:
>> What's the motivation of the proposal?
>>
>> It's more preferable to use the new X509ExtendedTrustManager and proper
>> endpoint identification algorithm to do hostname verification. Does the
>> new endpoint identification approach work for you?
>
> Oops, I missed that. I think I saw it before, but I forgot about it.
> Maybe it would make sense to add a hint to the HostnameVerifier
> interface? The documentation is also a bit ambiguous about the
> applicability of the host name check to the TLSv1 SSLContext.
>

Any suggestions?

> Would it be possible to backport the
> javax.net.ssl.SSLParameters.setEndpointIdentificationAlgorithm(String)
> method to OpenJDK 6, without introducing the X509ExtendedTrustManager
> class?
>

We cannot add new methods to update releases. And without
SSLSocket/SSLEngine, it is unlikely to get the end point identification
algorithm for individual connections. So it is not possible to me that
we can backport the updated SSLParameters without the
X509ExtendedTrustManager.

Xuelei
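
Added example, not part of the original message or of OpenJDK code: a sketch of the endpoint identification approach discussed in this thread, using `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")` on both an `SSLSocket` and an `SSLEngine`. It assumes Java 7 or later and the default `SSLContext`; the class name, method names and the host `host.example` are made up for illustration.

```java
import java.io.IOException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

public class EndpointIdentificationExample {
    // Socket path: the certificate is checked against the host name passed to createSocket().
    static SSLSocket connectVerified(SSLContext ctx, String host, int port) throws IOException {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // RFC 2818 matching rules
            socket.setSSLParameters(params);
            socket.startHandshake(); // a name mismatch fails the handshake here
            return socket;
        } catch (IOException e) {
            socket.close();
            throw e;
        }
    }

    // Engine path: the peer host given to createSSLEngine() is the name that gets checked.
    static SSLEngine newVerifyingClientEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Constructed host name; building the engine needs no network access.
        SSLEngine engine = newVerifyingClientEngine(ctx, "host.example", 443);
        System.out.println("engine algorithm: "
                + engine.getSSLParameters().getEndpointIdentificationAlgorithm());
        if (args.length == 2) { // optional live check: <host> <port>
            try (SSLSocket s = connectVerified(ctx, args[0], Integer.parseInt(args[1]))) {
                System.out.println("verified peer: " + s.getSession().getPeerPrincipal());
            } catch (SSLHandshakeException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Because the algorithm is set on the per-connection `SSLParameters`, the name check runs during the handshake itself rather than in a separate `HostnameVerifier` callback afterwards.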