RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due to IllegalArgumentException [v2]
Daniel Fuchs
dfuchs at openjdk.org
Tue Dec 2 14:29:48 UTC 2025
On Tue, 2 Dec 2025 10:45:10 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:
>> Sergey Chernyshev has updated the pull request incrementally with two additional commits since the last revision:
>>
>> - addressed more review comments
>> - addressed review comments
>
> src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 478:
>
>> 476: !IPAddressUtil.isIPv4LiteralAddress(host) &&
>> 477: !(host.charAt(0) == '[' && host.charAt(host.length() - 1) == ']' &&
>> 478: IPAddressUtil.isIPv6LiteralAddress(host.substring(1, host.length() - 1))
>
> There is one more place in `sun.net.www`, which is in this very class, that
>
>
> (host.charAt(0) == '[' && host.charAt(host.length() - 1) == ']') { return host.substring(1, host.length() - 1)
>
>
> logic is practiced. Would it make sense to refactor this into a `private static Optional<String> ipv6FromHost(String host)` method, preferably with some short explanation in the method's Javadoc on why we do this?
The same thought occurred to me but I'd rather keep refactoring at a minimum in this PR.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581000260
More information about the security-dev
mailing list