RFR: 7192189: Support endpoint identification algorithm in RFC 6125 [v2]
Sean Mullan
mullan at openjdk.java.net
Tue Mar 8 13:00:50 UTC 2022
> Please review this change to fully support RFC 6125 in the TLS implementation. This change forbids wildcard domains in TLS certificates unless the wildcard is in the left-most component. Certificates of this nature should be rare and are not allowed per the CABForum baseline requirements. However, there may be a small compatibility risk associated with this change, so a CSR has also been filed.
Sean Mullan has updated the pull request incrementally with one additional commit since the last revision:
Merge Wildcard test into TestHostnameCheck.
Rename HostnameMatcher dir to HostnameChecker.
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7697/files
- new: https://git.openjdk.java.net/jdk/pull/7697/files/f91b9e15..2b6a9179
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7697&range=01
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7697&range=00-01
Stats: 562 lines in 9 files changed: 251 ins; 311 del; 0 mod
Patch: https://git.openjdk.java.net/jdk/pull/7697.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/7697/head:pull/7697
PR: https://git.openjdk.java.net/jdk/pull/7697
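
The rule in the quoted description, as an added illustration that is not part of the original message and is not the JDK's HostnameChecker code: a simplified matcher (class and method names are hypothetical) that accepts a `*` only in the left-most label and never lets it span a dot. It assumes ASCII DNS names and does not handle IP addresses or internationalized names.

```java
import java.util.Locale;

public class LeftmostWildcardCheck {

    // Returns true when the certificate DNS name `pattern` is acceptable under
    // the left-most-label wildcard rule and matches `host`.
    static boolean matches(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        int star = p.indexOf('*');
        if (star < 0) {
            return h.equals(p);              // no wildcard: case-insensitive exact match
        }
        int patDot = p.indexOf('.');
        // Reject a wildcard outside the left-most label, or more than one wildcard.
        if (patDot < 0 || star > patDot || p.indexOf('*', star + 1) >= 0) {
            return false;
        }
        int hostDot = h.indexOf('.');
        // Everything after the left-most label must be identical, so the
        // wildcard can never cover more than one label.
        if (hostDot < 0 || !h.substring(hostDot).equals(p.substring(patDot))) {
            return false;
        }
        String label = h.substring(0, hostDot);
        String prefix = p.substring(0, star);
        String suffix = p.substring(star + 1, patDot);
        return !label.isEmpty()
                && label.length() >= prefix.length() + suffix.length()
                && label.startsWith(prefix)
                && label.endsWith(suffix);
    }

    public static void main(String[] args) {
        // Constructed sample names, not taken from the JDK tests.
        String[][] cases = {
            {"www.example.com",   "*.example.com"},     // true: wildcard is the left-most label
            {"a.b.example.com",   "*.example.com"},     // false: wildcard covers one label only
            {"example.com",       "*.example.com"},     // false: no label for the wildcard
            {"www.a.example.com", "www.*.example.com"}, // false: wildcard not left-most
            {"a.b.example.com",   "*.*.example.com"},   // false: second wildcard
            {"WWW.Example.COM",   "www.example.com"},   // true: exact match, case-insensitive
        };
        for (String[] c : cases) {
            System.out.printf("%-20s %-20s %b%n", c[0], c[1], matches(c[0], c[1]));
        }
    }
}
```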