On Tue, 21 Apr 2026 09:06:42 GMT, Volkan Yazici <[email protected]> wrote:
>> Per [RFC 6066 "3. Server Name Indication"], disallow IP literals in >> `SNIHostName::new`. >> >> While the following two call-sites could be simplified by removing IP >> literal checks, I've refrained from doing so because delegating some of the >> checks to an exception catching mechanism would impact the performance: >> >> sun.security.ssl.Utilities::rawToSNIHostName >> sun.net.www.protocol.https.HttpsClient::afterConnect >> >> [RFC 6066 "3. Server Name Indication"]: >> https://www.rfc-editor.org/rfc/rfc6066.html#page-6 >> >> --------- >> - [X] I confirm that I make this contribution in accordance with the >> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai). > > Volkan Yazici has updated the pull request incrementally with one additional > commit since the last revision: > > Add `ofString` static factory method src/java.base/share/classes/javax/net/ssl/SNIHostName.java line 104: > 102: * Users are advised to prefer the {@link #ofString(String) > ofString()} > 103: * static factory method over this constructor, since the former > performs > 104: * stricter checks. I don't know if this will be seen, which makes me wonder if this should go a step further and deprecate the constructors. src/java.base/share/classes/javax/net/ssl/SNIHostName.java line 182: > 180: * RFC 6066: Transport Layer Security (TLS) Extensions: Extension > Definitions > 181: */ > 182: public static SNIHostName ofString(String hostname) { ofHostName(String) and ofEncoded(byte) is another choice that would make it clear at the use sites. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30747#discussion_r3116920210 PR Review Comment: https://git.openjdk.org/jdk/pull/30747#discussion_r3116922253
