Integrated: 8328723: IP Address error when client enables HTTPS endpoint check on server socket
Prajwal Kumaraswamy
pkumaraswamy at openjdk.org
Thu Jul 18 22:45:35 UTC 2024
On Fri, 5 Jul 2024 08:58:03 GMT, Prajwal Kumaraswamy <pkumaraswamy at openjdk.org> wrote:
> The client identity checks when "HTTPS" endpoint identification algorithm is set on SSL server throws "java.security.cert.CertificateException: No subject alternative names present" when client certificate's SubjectAltName extension does not match its IP address
>
> Since the server has no external knowledge of what the client's identity ought to be, HTTPS identity checks must be disabled on the server side.
> The exception message has been fixed to indicate the same.
>
> I have performed the test both on SSL Server Engine and SSL Server Socket and attached are logs and snapshot for reference, also I have ran the changes against external test suite and test runs are green.
This pull request has now been integrated.
Changeset: 1b9270ac
Author: Prajwal Kumaraswamy <pkumaraswamy at openjdk.org>
Committer: Bradford Wetmore <wetmore at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/1b9270ac8a76b482103dd3f6b12606a22214e554
Stats: 12 lines in 1 file changed: 9 ins; 0 del; 3 mod
8328723: IP Address error when client enables HTTPS endpoint check on server socket
Reviewed-by: wetmore, djelinski
-------------
PR: https://git.openjdk.org/jdk/pull/20048
More information about the security-dev
mailing list