RFR: 8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled [v3]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Thu Feb 3 03:46:43 UTC 2022
> A hostname in an URL ending with a dot is valid (See RFC 1034). However, it is not a valid SNI hostname. The ending dot should be ignored while checking the hostname with SNI or the name in a X.509 certificate.
>
> The update could be verified with jshell.
> $ $JDK_HOME/bin/jshell
> jshell> URL url = new URL("https://www.google.com./");
> jshell> URLConnection conn = url.openConnection();
> jshell> conn.connect();
Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
Update test copyright sections
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7205/files
- new: https://git.openjdk.java.net/jdk/pull/7205/files/fe3e5f6b..0d53a77c
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7205&range=02
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7205&range=01-02
Stats: 36 lines in 2 files changed: 10 ins; 4 del; 22 mod
Patch: https://git.openjdk.java.net/jdk/pull/7205.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/7205/head:pull/7205
PR: https://git.openjdk.java.net/jdk/pull/7205
More information about the security-dev
mailing list