On Tue, 28 Apr 2026 11:26:07 GMT, Volkan Yazici <[email protected]> wrote:
>> Per [RFC 6066 "3. Server Name Indication"], disallow IP literals in >> `SNIHostName::new`. >> >> While the following two call-sites could be simplified by removing IP >> literal checks, I've refrained from doing so because delegating some of the >> checks to an exception catching mechanism would impact the performance: >> >> sun.security.ssl.Utilities::rawToSNIHostName >> sun.net.www.protocol.https.HttpsClient::afterConnect >> >> [RFC 6066 "3. Server Name Indication"]: >> https://www.rfc-editor.org/rfc/rfc6066.html#page-6 >> >> --------- >> - [X] I confirm that I make this contribution in accordance with the >> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai). > > Volkan Yazici has updated the pull request incrementally with one additional > commit since the last revision: > > Big facelift src/java.base/share/classes/sun/security/ssl/X509KeyManagerCertChecking.java line 394: > 392: try { > 393: @SuppressWarnings("deprecation") > 394: var sni = new > SNIHostName(serverName.getEncoded()); Why do we need `sni` temporary variable here? Same goes for `X509TrustManagerImpl.java` ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30747#discussion_r3158177657
