RFR: 8213952: Relax DNSName restriction as per RFC 1123

Nico Williams Nico.Williams at twosigma.com
Thu Dec 6 18:56:14 UTC 2018

On Mon, Dec 03, 2018 at 05:10:26PM +0000, Seán Coffey wrote:
> I made further edits to update the DNSName comment code to reference RFC
> 5280 rather than the obsoleted RFC 2459. I also updated the test case with a
> few extra tests per suggestion from Chris and others. Moved the dataprovider
> into a good and bad data set also.
> A follow on bug has been logged to update all references of RFC 2459 to RFC
> 5280 (JDK-8214532)

Note that RFC 5280 has been updated by RFC 8399 as to dNSName, though
that update wouldn't be relevant to the code you're changing, but it
might be relevant to other references to RFCs 2459 and 5280 for all I

For the record, I reviewed your changes and they LGTM.  I did check
whether non-hostname domainnames are allowed (e.g., SRV RR names), but
RFC 5280 specifically refers to hostname syntax by referring to section
2.1 of RFC 1123.


More information about the security-dev mailing list