RFR: 7192189: Support endpoint identification algorithm in RFC 6125 [v2]

Sean Mullan mullan at openjdk.java.net
Tue Mar 8 13:00:50 UTC 2022


> Please review this change to fully support RFC 6125 in the TLS implementation. This change forbids wildcard domains in TLS certificates unless the wildcard is in the left-most component. Certificates of this nature should be rare and are not allowed per the CABForum baseline requirements. However, there may be a small compatibility risk associated with this change, so a CSR has also been filed.

Sean Mullan has updated the pull request incrementally with one additional commit since the last revision:

  Merge Wildcard test into TestHostnameCheck.
  Rename HostnameMatcher dir to HostnameChecker.

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/7697/files
  - new: https://git.openjdk.java.net/jdk/pull/7697/files/f91b9e15..2b6a9179

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7697&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7697&range=00-01

  Stats: 562 lines in 9 files changed: 251 ins; 311 del; 0 mod
  Patch: https://git.openjdk.java.net/jdk/pull/7697.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/7697/head:pull/7697

PR: https://git.openjdk.java.net/jdk/pull/7697
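
The rule described in the quoted summary, as an added example (not code from the pull request or the JDK): a DNS-name matcher that accepts a wildcard only in the left-most label. The class and method names are hypothetical, the sample names are constructed, and letting '*' stand for zero or more characters is an assumption.

```java
import java.util.Locale;

// Added illustration; hypothetical names, not the JDK's HostnameChecker code.
public class LeftmostWildcardCheck {

    /** True if the certificate DNS name (which may contain '*') matches the host. */
    static boolean matches(String host, String pattern) {
        String[] h = host.toLowerCase(Locale.ROOT).split("\\.", -1);
        String[] p = pattern.toLowerCase(Locale.ROOT).split("\\.", -1);
        if (h.length != p.length) {
            return false; // a wildcard never spans more than one label
        }
        for (int i = 0; i < p.length; i++) {
            if (h[i].isEmpty() || p[i].isEmpty()) {
                return false; // malformed name (empty label, trailing dot)
            }
            boolean hasWildcard = p[i].indexOf('*') >= 0;
            if (hasWildcard && i > 0) {
                return false; // wildcard outside the left-most label: reject
            }
            if (hasWildcard ? !labelMatches(h[i], p[i]) : !h[i].equals(p[i])) {
                return false;
            }
        }
        return true;
    }

    /** Matches one host label against a pattern label holding a single '*'. */
    static boolean labelMatches(String label, String pat) {
        int star = pat.indexOf('*');
        if (star != pat.lastIndexOf('*')) {
            return false; // more than one '*' in the label
        }
        String prefix = pat.substring(0, star);
        String suffix = pat.substring(star + 1);
        // Assumption: '*' may stand for zero or more characters.
        return label.length() >= prefix.length() + suffix.length()
                && label.startsWith(prefix) && label.endsWith(suffix);
    }

    public static void main(String[] args) {
        // Constructed cases: left-most wildcard, middle-label wildcard,
        // wildcard against two extra labels, partial-label wildcard.
        String[][] cases = { {"www.example.com", "*.example.com"}, {"www.example.com", "www.*.com"},
            {"a.b.example.com", "*.example.com"}, {"foo1.example.com", "foo*.example.com"} };
        for (String[] c : cases) {
            System.out.printf("%-17s vs %-17s -> %b%n", c[0], c[1], matches(c[0], c[1]));
        }
    }
}
```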


