On Tue, 16 Feb 2021 07:50:05 GMT, Vyom Tewari <vtew...@openjdk.org> wrote:
> HttpsURLConnection, works with SunJSSE provider but does not work with other > JSSE provider. In case of SunJSSE , HttpsURLConnection set the host name as > follows > > s = (SSLSocket)serverSocket; > if (s instanceof SSLSocketImpl) { > ((SSLSocketImpl)s).setHost(host); > } > > But in case of other providers(BouncyCastleProvider ) host will not get set > and "java.security.cert.CertificateException: No subject alternative name > found matching IP address" exception will be thrown. src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line 569: > 567: SSLParameters paramaters = s.getSSLParameters(); > 568: > paramaters.setEndpointIdentificationAlgorithm("HTTPS"); > 569: > paramaters.setServerNames(Collections.singletonList(new SNIHostName(host))); What if the SSL Layer has already an SNIHostName configured? Is there a risk that this will introduce regressions in such cases? ------------- PR: https://git.openjdk.java.net/jdk/pull/2583