RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due to IllegalArgumentException [v2]
Jaikiran Pai
jpai at openjdk.org
Tue Dec 2 14:29:46 UTC 2025
On Tue, 2 Dec 2025 10:42:02 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:
>> src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 478:
>>
>>> 476: !IPAddressUtil.isIPv4LiteralAddress(host) &&
>>> 477: !(host.charAt(0) == '[' && host.charAt(host.length() - 1) == ']' &&
>>> 478: IPAddressUtil.isIPv6LiteralAddress(host.substring(1, host.length() - 1))
>>
>> The `host` value here comes from `URL.getHost()` which specifies that it returns an IPv6 address enclosed in `[]`brackets. So what you have here looks fine to me.
>>
>> One additional thing I would suggest is to make this `protected String host` field of this class `final`. It currently gets assigned in the constructor of the `HttpClient` and `HttpsClient` and making this `final` would give an extra assurance that its value will always be coming from `URL.getHost()` call.
>>
>> These 2 `sun.net.www.http.HttpClient` and `HttpsClient` classes are internal to the JDK, so changing this protected field to final shouldn't cause any issues for application code.
>
> @jaikiran I think this deserves a separate issue. I could file a bug for this.
Yes, it's OK with me if you don't change this field to `final` in this PR.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2580627052
More information about the security-dev
mailing list