[9] RFR: 8054380: X.509 cert extension SubjectAltName should allow digits as first character of dNSName
Florian Weimer
fweimer at redhat.com
Thu Aug 7 12:47:57 UTC 2014

On 08/06/2014 08:32 PM, Jason Uh wrote:
> Please review this fix, which allows the first character of a DNSName in
> a SubjectAltName to be either a letter or a digit.
>
> http://cr.openjdk.java.net/~juh/8054380/webrev.01/

The test case should also check "123.example" and "www.123.example".

> This change is to stay compliant with RFC 1123:
>
> RFC 1123, Section 2.1:
>> One aspect of host name syntax is hereby changed: the
>> restriction on the first character is relaxed to allow either a
>> letter or a digit. Host software MUST support this more liberal
>> syntax.
>
> Please note this only applies to the first character of the hostname,
> not the first character of each component in the DNS Name.

The RFC 1123 change applies to each label, not just to the first one.

I wonder why using HTTPS to access <https://www.3com.com> works with
the current jdk9-dev code. The name "www.3com.com" is only present in
the SAN.

--
Florian Weimer / Red Hat Product Security
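
The two readings of RFC 1123 discussed in the message above, as an added Java example that is not code from the webrev or the JDK: one check relaxes the first-character rule only for the whole name, the other for every label. The class and method names are hypothetical, and the label grammar is an assumption simplified to letters, digits and '-' with no trailing '-' (no length limits, no wildcard handling).

```java
import java.util.List;

// Added illustration; class and method names are hypothetical, not JDK code.
public class DnsNameLabelCheck {

    private static boolean isLetter(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
    }

    private static boolean isDigit(char c) {
        return c >= '0' && c <= '9';
    }

    // Checks one label: non-empty, only letters, digits and '-',
    // no trailing '-', first character per the selected rule.
    private static boolean labelOk(String label, boolean digitFirstAllowed) {
        if (label.isEmpty() || label.endsWith("-")) return false;
        char first = label.charAt(0);
        if (!isLetter(first) && !(digitFirstAllowed && isDigit(first))) return false;
        for (char c : label.toCharArray()) {
            if (!isLetter(c) && !isDigit(c) && c != '-') return false;
        }
        return true;
    }

    // perLabel = true: a digit is allowed at the start of every label.
    // perLabel = false: a digit is allowed only at the start of the whole name.
    static boolean isValid(String name, boolean perLabel) {
        String[] labels = name.split("\\.", -1); // -1 keeps empty labels
        for (int i = 0; i < labels.length; i++) {
            if (!labelOk(labels[i], perLabel || i == 0)) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Names taken from the message above.
        for (String n : List.of("123.example", "www.123.example", "www.3com.com")) {
            System.out.printf("%-16s first-char-only=%b per-label=%b%n",
                    n, isValid(n, false), isValid(n, true));
        }
    }
}
```

Only the per-label check accepts all three names; the first-character-only check accepts "123.example" but rejects the two names whose digit-leading label is not the first one.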