RFR: 8278312: Update SimpleSSLContext keystore to use SANs for localhost IP addresses
Michael McMahon
michaelm at openjdk.java.net
Thu Dec 9 17:00:40 UTC 2021
This updates the testkeys keystore file used by SimpleSSLContext in the test tree, in order to add subject alt names for the literal IP addresses "127.0.0.1" and "::1". This should allow the self signed certificate in the keystore to be accepted even when the local OS doesn't have a localhost to loopback address name service mapping.
Apart from the test, there's nothing to see in the webrev as it's a binary file. Here is the relevant diff between the list output from the old and new keystores
24c24,31
< #1: ObjectId: 2.5.29.14 Criticality=false
---
> #1: ObjectId: 2.5.29.17 Criticality=true
> SubjectAlternativeName [
> DNSName: localhost
> IPAddress: 127.0.0.1
> IPAddress: 0:0:0:0:0:0:0:1
> ]
>
-------------
Commit messages:
- updated to check for IPv4/IPv6 support
- updated to use HttpServerAdapters and h2 tests
- Merge branch 'master' into simplesslcontext
- initial fix
Changes: https://git.openjdk.java.net/jdk/pull/6727/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=6727&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8278312
Stats: 222 lines in 3 files changed: 218 ins; 0 del; 4 mod
Patch: https://git.openjdk.java.net/jdk/pull/6727.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/6727/head:pull/6727
PR: https://git.openjdk.java.net/jdk/pull/6727
More information about the security-dev
mailing list