RFR: 8328723: IP Address error when client enables HTTPS endpoint check on server socket [v2]

Prajwal Kumaraswamy pkumaraswamy at openjdk.org
Tue Jul 9 07:13:06 UTC 2024


> The client identity check, when the "HTTPS" endpoint identification algorithm is set on an SSL server, throws "java.security.cert.CertificateException: No subject alternative names present" when the client certificate's SubjectAltName extension does not match its IP address.
> 
> Since the server has no external knowledge of what the client's identity ought to be, HTTPS identity checks must be disabled on the server side.
> The exception message has been fixed to indicate the same.
> 
> I have performed the test on both SSL Server Engine and SSL Server Socket, and attached are logs and a snapshot for reference. I have also run the changes against an external test suite, and the test runs are green.

Prajwal Kumaraswamy has updated the pull request incrementally with one additional commit since the last revision:

  format code with minor changes

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/20048/files
  - new: https://git.openjdk.org/jdk/pull/20048/files/c1b13d05..7d6ce651

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=20048&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=20048&range=00-01

  Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/20048.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/20048/head:pull/20048

PR: https://git.openjdk.org/jdk/pull/20048
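
The server-side configuration described in the message above, shown next to a corrected form. This is an added example, not code from the pull request or from the JDK. The class and method names (ServerEndpointIdCheck, misconfigured, hardenForServer) are hypothetical, and the default SSLContext is assumed only so the socket can be created without a keystore.

```java
import java.net.InetAddress;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;

// Added example; names are hypothetical and not taken from the JDK change.
public class ServerEndpointIdCheck {

    // The setup the message reports as failing: a server that requires
    // client certificates and also sets the "HTTPS" identification algorithm.
    static SSLParameters misconfigured(SSLServerSocket server) {
        SSLParameters p = server.getSSLParameters();
        p.setNeedClientAuth(true);
        p.setEndpointIdentificationAlgorithm("HTTPS");
        return p;
    }

    // Corrected server-side form: clear any endpoint identification
    // algorithm and keep mutual TLS. The client certificate chain is still
    // validated by the server's TrustManager; only the name/IP matching
    // against the peer address is dropped.
    static SSLParameters hardenForServer(SSLParameters p) {
        String alg = p.getEndpointIdentificationAlgorithm();
        if (alg != null && !alg.isEmpty()) {
            System.err.println("cleared server-side endpoint identification: " + alg);
            p.setEndpointIdentificationAlgorithm(null);
        }
        p.setNeedClientAuth(true);
        return p;
    }

    public static void main(String[] args) throws Exception {
        // Loopback, ephemeral port: enough to apply and read back parameters.
        try (SSLServerSocket server = (SSLServerSocket) SSLContext.getDefault()
                .getServerSocketFactory()
                .createServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            server.setSSLParameters(hardenForServer(misconfigured(server)));
            SSLParameters applied = server.getSSLParameters();
            System.out.println("endpointIdentificationAlgorithm="
                    + applied.getEndpointIdentificationAlgorithm());
            System.out.println("needClientAuth=" + applied.getNeedClientAuth());
        }
    }
}
```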
