RFR: 8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Tue Jan 25 00:20:02 UTC 2022


A hostname in a URL ending with a dot is valid (see RFC 1034). However, it is not a valid SNI hostname. The ending dot should be ignored while checking the hostname with SNI or the name in an X.509 certificate.

The update should be verified with jshell. No new regression test is added, as it would need a fully-qualified domain name.
$ $JDK_HOME/bin/jshell
jshell> URL url = new URL("https://www.google.com./");
jshell> URLConnection conn = url.openConnection();
jshell> conn.connect();

-------------

Commit messages:
 - 8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled

Changes: https://git.openjdk.java.net/jdk/pull/7205/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=7205&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8065422
  Stats: 14 lines in 2 files changed: 11 ins; 0 del; 3 mod
  Patch: https://git.openjdk.java.net/jdk/pull/7205.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/7205/head:pull/7205

PR: https://git.openjdk.java.net/jdk/pull/7205
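
The behaviour described in the message above, as an added example that is not part of the original post and is not the code from the JDK change: javax.net.ssl.SNIHostName rejects a name ending in a dot, so the dot is dropped before the SNI name is built and before the host is compared with a certificate name. The class TrailingDotDemo, the helpers stripTrailingDot and matchesCertName, and the example.com names are hypothetical and constructed for illustration.

```java
import javax.net.ssl.SNIHostName;
import java.util.List;
import java.util.Locale;

public class TrailingDotDemo {
    // Hypothetical helper: drop a single trailing dot (the DNS root label)
    // so the name is usable for SNI and for certificate name checks.
    static String stripTrailingDot(String host) {
        return (host.length() > 1 && host.endsWith("."))
                ? host.substring(0, host.length() - 1) : host;
    }

    // Hypothetical, simplified matcher: exact match, or a left-most "*."
    // wildcard covering exactly one label. Real verification should be left
    // to the TLS stack's endpoint identification.
    static boolean matchesCertName(String urlHost, String certName) {
        String h = stripTrailingDot(urlHost).toLowerCase(Locale.ROOT);
        String c = certName.toLowerCase(Locale.ROOT);
        if (c.startsWith("*.")) {
            int dot = h.indexOf('.');
            return dot > 0 && h.substring(dot).equals(c.substring(1));
        }
        return h.equals(c);
    }

    public static void main(String[] args) {
        String urlHost = "www.example.com.";   // constructed sample input

        // The raw URL host is not a legal SNI hostname.
        try {
            new SNIHostName(urlHost);
            System.out.println("accepted (not expected)");
        } catch (IllegalArgumentException e) {
            System.out.println("SNIHostName rejected \"" + urlHost + "\": "
                    + e.getMessage());
        }

        // After normalization the same host yields a valid SNI name.
        SNIHostName sni = new SNIHostName(stripTrailingDot(urlHost));
        System.out.println("SNI name sent: " + sni.getAsciiName());

        // Certificate names (constructed) compared against the URL host.
        for (String san : List.of("www.example.com", "*.example.com", "example.org")) {
            System.out.println(san + " matches: " + matchesCertName(urlHost, san));
        }
    }
}
```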


