RFR: 8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled [v3]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Thu Feb 3 03:46:43 UTC 2022


> A hostname in an URL ending with a dot is valid (See RFC 1034).  However, it is not a valid SNI hostname.  The ending dot should be ignored while checking the hostname with SNI or the name in a X.509 certificate.
> 
> The update could be verified with jshell.
> $ $JDK_HOME/bin/jshell
> jshell> URL url = new URL("https://www.google.com./");
> jshell> URLConnection conn = url.openConnection();
> jshell> conn.connect();

Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:

  Update test copyright sections

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/7205/files
  - new: https://git.openjdk.java.net/jdk/pull/7205/files/fe3e5f6b..0d53a77c

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7205&range=02
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7205&range=01-02

  Stats: 36 lines in 2 files changed: 10 ins; 4 del; 22 mod
  Patch: https://git.openjdk.java.net/jdk/pull/7205.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/7205/head:pull/7205

PR: https://git.openjdk.java.net/jdk/pull/7205



More information about the security-dev mailing list