On Tue, 2 Dec 2025 14:01:20 GMT, Sergey Chernyshev <[email protected]> wrote:
>> @vy The test excercises the same code path as in the BCJSSE case, that >> throws an exception on non-LDH symbols. Segments of IPv4 literal adresses >> are all LDH, so they do not trigger any exception. Adding an >> IPAddressUtil.isIPv4LiteralAddress() check in the above condition is purely >> to mirror SSLSocketImpl behavior, as I thought initially. >> >> On the other hand, should we then add a negative test with a certificate >> that doesn't have a SAN extension (or the 127.0.0.1 ipv4 address in it), >> that should fail in the HostnameVerifier when the 'https://127.0.0.1' is >> requested? > > @djelinski would you think such a negative test is needed here? > On the other hand, should we then add a negative test with a certificate that > doesn't have a SAN extension (or the 127.0.0.1 ipv4 address in it), that > should fail in the HostnameVerifier when the 'https://127.0.0.1/' is > requested? No, such test would fail whether we use setServerNames or not. I think @vy is asking for a check that the SSLParameters passed to SSLSocket#setSSLParameters have no serverNames configured. That should be reasonably easy to do. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/28577#discussion_r2581507151
