Integrated: 8278312: Update SimpleSSLContext keystore to use SANs for localhost IP addresses

Michael McMahon michaelm at openjdk.java.net
Thu Dec 9 17:42:17 UTC 2021


On Mon, 6 Dec 2021 21:27:48 GMT, Michael McMahon <michaelm at openjdk.org> wrote:

> This updates the testkeys keystore file used by SimpleSSLContext in the test tree, in order to add subject alt names for the literal IP addresses "127.0.0.1" and "::1". This should allow the self signed certificate in the keystore to be accepted even when the local OS doesn't have a localhost to loopback address name service mapping.
> 
> Apart from the test, there's nothing to see in the webrev as it's a binary file. Here is the relevant diff between the list output from the old and new keystores
> 
> 24c24,31
> < #1: ObjectId: 2.5.29.14 Criticality=false
> ---
>> #1: ObjectId: 2.5.29.17 Criticality=true
>> SubjectAlternativeName [
>>   DNSName: localhost
>>   IPAddress: 127.0.0.1
>>   IPAddress: 0:0:0:0:0:0:0:1
>> ]
>>

This pull request has now been integrated.

Changeset: bc31ccc9
Author:    Michael McMahon <michaelm at openjdk.org>
URL:       https://git.openjdk.java.net/jdk/commit/bc31ccc95be9523cc6c64932f6d39f81c2e82bdd
Stats:     222 lines in 3 files changed: 218 ins; 0 del; 4 mod

8278312: Update SimpleSSLContext keystore to use SANs for localhost IP addresses

Reviewed-by: dfuchs

-------------

PR: https://git.openjdk.java.net/jdk/pull/6727


More information about the security-dev mailing list