RFR: 8282293: Domain value for system property jdk.https.negotiate.cbt should be case-insensitive [v2]
Weijun Wang
weijun at openjdk.java.net
Tue Mar 15 19:54:39 UTC 2022
On Thu, 10 Mar 2022 05:59:14 GMT, Sibabrata Sahoo <ssahoo at openjdk.org> wrote:
>> Domain value for system property jdk.https.negotiate.cbt is case-insensitive now. Included Test has been updated to address the change.
>
> Sibabrata Sahoo has updated the pull request incrementally with one additional commit since the last revision:
>
> Update HttpsCB.java
src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java line 338:
> 336: return true;
> 337: }
> 338: String afterWildCard = domain.substring(1);
`domain` could be an empty string if the property value is "domain:a,,b". I know it's invalid but at least let's try our best to avoid a runtime exception. In fact, why is this variable necessary? It looks like `regionMatches` allows you to compare ...er... regions.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7759
More information about the security-dev
mailing list