8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled

Reviewed-by: weijun
Xue-Lei Andrew Fan 2022-02-03 06:28:19 +00:00
parent a46307a79d
commit a95ee5ada2
4 changed files with 616 additions and 3 deletions


@ -404,6 +404,12 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
boolean identifiable = false;
String peerHost = session.getPeerHost();
// Is it a Fully-Qualified Domain Names (FQDN) ending with a dot?
if (peerHost != null && peerHost.endsWith(".")) {
// Remove the ending dot, which is not allowed in SNIHostName.
peerHost = peerHost.substring(0, peerHost.length() - 1);
}
if (!checkClientTrusted) {
List<SNIServerName> sniNames = getRequestedServerNames(session);
String sniHostName = getHostNameInSNI(sniNames);
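Review bot: The new trailing-dot strip on `peerHost` removes exactly one dot and does not guard the degenerate cases: a peer host of `.` becomes the empty string, and a name ending in `..` still ends with a dot after the `substring`. The normalized value appears to feed the hostname identity check further down, but that code is outside this hunk, so whether an empty or still-dotted name is rejected cleanly there cannot be confirmed from here. A guard such as `if (peerHost != null && peerHost.length() > 1 && peerHost.endsWith("."))` would at least keep an empty name from reaching it. The added comment would also read better as `// Is it a fully-qualified domain name (FQDN) ending with a dot?`.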