RFR: 8369950: TLS connection to IPv6 address fails with BCJSSE due to IllegalArgumentException [v5]
Sergey Chernyshev
schernyshev at openjdk.org
Wed Dec 3 00:42:28 UTC 2025
On Tue, 2 Dec 2025 14:47:00 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> @djelinski would you think such a negative test is needed here?
>
>> On the other hand, should we then add a negative test with a certificate that doesn't have a SAN extension (or the 127.0.0.1 ipv4 address in it), that should fail in the HostnameVerifier when the 'https://127.0.0.1/' is requested?
>
> No, such test would fail whether we use setServerNames or not.
>
> I think @vy is asking for a check that the SSLParameters passed to SSLSocket#setSSLParameters have no serverNames configured. That should be reasonably easy to do.
@djelinski @vy We could check the SSL parameters of the internal SSLSocket if the wrapper socket factory passed the inner SSLSocket to the caller. Please take a look at the updated test.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2583227229
More information about the security-dev
mailing list