RFR: 8282293: Domain value for system property jdk.https.negotiate.cbt should be case-insensitive [v2]

Weijun Wang weijun at openjdk.java.net
Tue Mar 15 19:54:39 UTC 2022


On Thu, 10 Mar 2022 05:59:14 GMT, Sibabrata Sahoo <ssahoo at openjdk.org> wrote:

>> Domain value for system property jdk.https.negotiate.cbt  is case-insensitive now. Included Test has been updated to address the change.
>
> Sibabrata Sahoo has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update HttpsCB.java

src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java line 338:

> 336:                     return true;
> 337:                 }
> 338:                 String afterWildCard = domain.substring(1);

`domain` could be an empty string if the property value is "domain:a,,b". I know it's invalid but at least let's try our best to avoid a runtime exception. In fact, why is this variable necessary? It looks like `regionMatches` allows you to compare ...er... regions.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7759



More information about the security-dev mailing list