RFR: 8328723: IP Address error when client enables HTTPS endpoint check on server socket [v2]
Daniel Jeliński
djelinski at openjdk.org
Thu Jul 18 11:29:33 UTC 2024
On Tue, 9 Jul 2024 07:13:06 GMT, Prajwal Kumaraswamy <pkumaraswamy at openjdk.org> wrote:
>> The client identity checks when "HTTPS" endpoint identification algorithm is set on SSL server throws "java.security.cert.CertificateException: No subject alternative names present" when client certificate's SubjectAltName extension does not match its IP address
>>
>> Since the server has no external knowledge of what the client's identity ought to be, HTTPS identity checks must be disabled on the server side.
>> The exception message has been fixed to indicate the same.
>>
>> I have performed the test both on SSL Server Engine and SSL Server Socket and attached are logs and snapshot for reference, also I have ran the changes against external test suite and test runs are green.
>
> Prajwal Kumaraswamy has updated the pull request incrementally with one additional commit since the last revision:
>
> format code with minor changes
Marked as reviewed by djelinski (Reviewer).
-------------
PR Review: https://git.openjdk.org/jdk/pull/20048#pullrequestreview-2185551394
More information about the security-dev
mailing list