On Wed, 15 Apr 2026 15:17:16 GMT, Alan Bateman <[email protected]> wrote:
>> Per [RFC 6066 "3. Server Name Indication"], disallow IP literals in >> `SNIHostName::new`. >> >> While the following two call-sites could be simplified by removing IP >> literal checks, I've refrained from doing so because delegating some of the >> checks to an exception catching mechanism would impact the performance: >> >> sun.security.ssl.Utilities::rawToSNIHostName >> sun.net.www.protocol.https.HttpsClient::afterConnect >> >> [RFC 6066 "3. Server Name Indication"]: >> https://www.rfc-editor.org/rfc/rfc6066.html#page-6 >> >> --------- >> - [X] I confirm that I make this contribution in accordance with the >> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai). > > I've added the "csr" label as I think (and correct me if I have this wrong) > that javax.net.ssl.SNIHostName can now fail for cases that it didn't > previously fail. @AlanBateman, I've pushed a big facelift in 9596a5b2ca0. Some highlights from that change: - Constructors are deprecated - JavaDocs start with defining what is a valid SNI hostname - JavaDocs contain a dedicated section on DNS hostname validation - JavaDocs contain examples - JavaDocs are enriched with `@apiNote` and `@deprecated` texts - Code reuse is improved (between ctors and static factory methods) Would you mind re-reviewing the changes, please? ------------- PR Comment: https://git.openjdk.org/jdk/pull/30747#issuecomment-4334872502
