On Tue, 25 Jan 2022 00:13:32 GMT, Xue-Lei Andrew Fan <[email protected]> wrote:
> A hostname in an URL ending with a dot is valid (See RFC 1034). However, it
> is not a valid SNI hostname. The ending dot should be ignored while checking
> the hostname with SNI or the name in a X.509 certificate.
>
> The update could be verified with jshell.
> $ $JDK_HOME/bin/jshell
> jshell> URL url = new URL("https://www.google.com./";);
> jshell> URLConnection conn = url.openConnection();
> jshell> conn.connect();
This pull request has now been integrated.
Changeset: a95ee5ad
Author: Xue-Lei Andrew Fan <[email protected]>
URL:
https://git.openjdk.java.net/jdk/commit/a95ee5ada230a0177517efd3a417f319066169dd
Stats: 616 lines in 4 files changed: 613 ins; 0 del; 3 mod
8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled
Reviewed-by: weijun
-------------
PR: https://git.openjdk.java.net/jdk/pull/7205
