RFR: 8328723: IP Address error when client enables HTTPS endpoint check on server socket [v2]
duke
duke at openjdk.org
Thu Jul 18 11:55:31 UTC 2024
On Tue, 9 Jul 2024 07:13:06 GMT, Prajwal Kumaraswamy <pkumaraswamy at openjdk.org> wrote:
>> The client identity checks when "HTTPS" endpoint identification algorithm is set on SSL server throws "java.security.cert.CertificateException: No subject alternative names present" when client certificate's SubjectAltName extension does not match its IP address
>>
>> Since the server has no external knowledge of what the client's identity ought to be, HTTPS identity checks must be disabled on the server side.
>> The exception message has been fixed to indicate the same.
>>
>> I have performed the test both on SSL Server Engine and SSL Server Socket and attached are logs and snapshot for reference, also I have ran the changes against external test suite and test runs are green.
>
> Prajwal Kumaraswamy has updated the pull request incrementally with one additional commit since the last revision:
>
> format code with minor changes
@pkumaraswamy
Your change (at version 7d6ce651beb82b21a9281ef6c1b98ebda9a95c2e) is now ready to be sponsored by a Committer.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/20048#issuecomment-2236308168
More information about the security-dev
mailing list