RFR: 8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled [v2]

Weijun Wang weijun at openjdk.java.net
Thu Feb 3 01:22:04 UTC 2022


On Wed, 26 Jan 2022 18:58:07 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> A hostname in a URL ending with a dot is valid (see RFC 1034). However, it is not a valid SNI hostname. The ending dot should be ignored while checking the hostname with SNI or the name in an X.509 certificate.
>> 
>> The update could be verified with jshell.
>> $ $JDK_HOME/bin/jshell
>> jshell> URL url = new URL("https://www.google.com./");
>> jshell> URLConnection conn = url.openConnection();
>> jshell> conn.connect();
>
> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add regression test with customized hosts

test/jdk/javax/net/ssl/ServerName/EndingDotHostname.java line 8:

> 6:  * it under the terms of the GNU General Public License version 2 as
> 7:  * published by the Free Software Foundation. THL A29 Limited designates
> 8:  * this particular file as subject to the "Classpath" exception as provided

Please remove the Classpath part. It does not apply to tests. Same comment to the other file.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7205
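
The behaviour the quoted PR description refers to, as an added example that is not code from the pull request or the JDK: `javax.net.ssl.SNIHostName` rejects a name ending in a dot, so a client has to drop the dot before building its SNI entry. The class name, the helper names and the sample host `www.example.com.` are assumptions made for illustration.

```java
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;
import java.util.List;

public class TrailingDotSni {

    // Hypothetical helper: drop one trailing dot (the DNS root label) so the
    // name becomes acceptable as an SNI host_name. A lone "." is left alone.
    static String stripTrailingDot(String host) {
        if (host != null && host.length() > 1 && host.endsWith(".")) {
            return host.substring(0, host.length() - 1);
        }
        return host;
    }

    // Hypothetical helper: SSLParameters carrying an SNI entry for the
    // normalized form of the host taken from the URL.
    static SSLParameters sniParametersFor(String urlHost) {
        SSLParameters params = new SSLParameters();
        SNIServerName name = new SNIHostName(stripTrailingDot(urlHost));
        params.setServerNames(List.of(name));
        return params;
    }

    public static void main(String[] args) {
        String urlHost = "www.example.com.";   // constructed sample host

        // Using the URL host unchanged fails: SNIHostName throws
        // IllegalArgumentException for a name with a trailing dot.
        try {
            new SNIHostName(urlHost);
            System.out.println("accepted unchanged: " + urlHost);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected unchanged: " + e.getMessage());
        }

        // With the dot removed, the SNI entry is built normally.
        SSLParameters params = sniParametersFor(urlHost);
        SNIHostName sni = (SNIHostName) params.getServerNames().get(0);
        System.out.println("SNI host_name: " + sni.getAsciiName());
    }
}
```

The same normalized name is the one to compare against the certificate's subject alternative names, since certificates carry DNS names without the root dot.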


