Code review of JDK-8072385, Only the first DNSName entry is checked for endpoint identification

Xuelei Fan xuelei.fan at oracle.com
Wed Mar 4 14:51:17 UTC 2015


Hi,

Please review the fix for:
   https://bugs.openjdk.java.net/browse/JDK-8072385

In SunJSSE implementation, during endpoint identification, there is a
bug in SubjectAlternativeName matching that only the fist DNSName are
checked. As may impact some business where host-name alias are used.

The patch is attached.

Thanks,
Xuelei
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ClientHandshaker.patch
Type: text/x-patch
Size: 5798 bytes
Desc: not available
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20150304/c87c08b5/ClientHandshaker.patch>


More information about the security-dev mailing list