<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello Hai-May,</p>
<p>The fix overall looks good. One or two comments about the test:</p>
<ul>
<li>103: I think the comment might be more clear saying something
like "partial wildcard disallowed" since it's not the "*" in and
of itself that's the issue, it's that the next character
following it isn't a domain separator (".").</li>
<li>A similar badSanNames test case (I think) that walks a
different code path would be something like "a*.com". Although
the test on line 95 might walk the same code path... If so, then no
need to add anything else.</li>
</ul>
<p>--Jamil<br>
</p>
<div class="moz-cite-prefix">On 3/13/2020 9:25 AM, Hai-May Chao
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:9E9A90E4-42A2-4375-B2CD-9D64A3BEBD07@oracle.com">
<pre class="moz-quote-pre" wrap="">Hi,
I need a code review for -
Bug: <a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8186143">https://bugs.openjdk.java.net/browse/JDK-8186143</a>
Webrev: <a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~weijun/8186143/webrev.00/">http://cr.openjdk.java.net/~weijun/8186143/webrev.00/</a>
The keytool -ext option doesn’t accept wildcards for DNS subject alternative names in certificates. Certificates with wildcarded domains are useful for allowing domain names under a common subdomain to share the same certificate.
The fix involves adding a new DNSName constructor with an additional boolean flag ‘allowWildcard’.
Thank you,
Hai-May
</pre>
</blockquote>
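<p>The rule discussed in this thread (a "*" is acceptable only when it is the whole leftmost label, so the character after it must be "."), shown as an added example that is not part of the original messages and is not the JDK's DNSName code. The class name, method name, label checks and sample names are assumptions made for illustration.</p>

```java
import java.util.List;

// Added illustration; not the JDK's DNSName implementation.
// Class and method names are hypothetical.
public class WildcardSanCheck {

    /** Returns true if name is acceptable as a DNS subject alternative name. */
    static boolean isValidDnsSan(String name, boolean allowWildcard) {
        if (name == null || name.isEmpty() || name.startsWith(".") || name.endsWith(".")) {
            return false;
        }
        int star = name.indexOf('*');
        if (star >= 0) {
            // The '*' itself is not the problem; its position and the next character are.
            if (!allowWildcard) return false;
            if (star != 0) return false;                  // e.g. "a*.com", "www.*.com"
            if (name.length() < 2 || name.charAt(1) != '.') {
                return false;                             // partial wildcard, e.g. "*a.com"
            }
            if (name.indexOf('*', 1) >= 0) return false;  // more than one wildcard
            name = name.substring(2);                     // check the rest as a plain name
        }
        // Assumption: plain labels follow the letter-digit-hyphen rule, 1 to 63 characters.
        for (String label : name.split("\\.", -1)) {
            if (label.isEmpty() || label.length() > 63) return false;
            if (label.startsWith("-") || label.endsWith("-")) return false;
            for (char c : label.toCharArray()) {
                boolean ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                        || (c >= '0' && c <= '9') || c == '-';
                if (!ok) return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample names, not the entries of the test under review.
        List<String> names = List.of("*.example.com", "www.example.com",
                "a*.com", "*a.com", "*.*.example.com", "www.*.com", "*");
        for (String n : names) {
            System.out.printf("%-18s wildcard allowed: %-5b  not allowed: %b%n",
                    n, isValidDnsSan(n, true), isValidDnsSan(n, false));
        }
    }
}
```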
</body>
</html>