This is an automated email from the ASF dual-hosted git repository. vy pushed a commit to branch verifyHostName in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
commit 623d9e272162a8a32077fda41066abd861b2e593 Author: Volkan Yazıcı <[email protected]> AuthorDate: Mon Dec 8 09:47:15 2025 +0100 Skip host names failing at `SNIHostName::new` --- .../org/apache/logging/log4j/core/net/SslSocketManager.java | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/SslSocketManager.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/SslSocketManager.java index 70f8e89d28..101eb06a12 100644 --- a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/SslSocketManager.java +++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/SslSocketManager.java @@ -383,7 +383,17 @@ public class SslSocketManager extends TcpSocketManager { // Literal IPv4 and IPv6 addresses are not permitted in "HostName". // https://www.rfc-editor.org/rfc/rfc6066.html#section-3 if (!InetAddressValidator.isValid(hostName)) { - sslParameters.setServerNames(Collections.singletonList(new SNIHostName(hostName))); + // `SNIHostName::new` validates host names using `IDN.toASCII(hostName, IDN.USE_STD3_ASCII_RULES)`. + // Instead of failing, simply skip host names causing `SNIHostName::new` failures. + SNIHostName serverName = null; + try { + serverName = new SNIHostName(hostName); + } catch (IllegalArgumentException ignored) { + // Do nothing + } + if (serverName != null) { + sslParameters.setServerNames(Collections.singletonList(serverName)); + } } socket.setSSLParameters(sslParameters); }
