8328723: IP Address error when client enables HTTPS endpoint check on server socket

Reviewed-by: wetmore, djelinski
2025-08-27 06:45:07 +02:00 · 2024-07-18 22:42:34 +00:00 · 2024-07-18 22:42:34 +00:00 · 1b9270ac8a
commit 1b9270ac8a
parent 330e520c1d
1 changed files with 12 additions and 3 deletions
--- a/src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -428,8 +428,17 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
        }

        if (!identifiable) {
-            checkIdentity(peerHost,
-                    trustedChain[0], algorithm, chainsToPublicCA);
+            try {
+                checkIdentity(peerHost,
+                        trustedChain[0], algorithm, chainsToPublicCA);
+            } catch(CertificateException ce) {
+                if (checkClientTrusted && "HTTPS".equalsIgnoreCase(algorithm)) {
+                    throw new CertificateException("Endpoint Identification Algorithm " +
+                            "HTTPS is not supported on the server side");
+                } else {
+                    throw ce;
+                }
+            }
        }
    }