Re: RFR: 8378500: Restrict IP literals from being allowed in javax.net.ssl.SNIHostName [v9]

Wed, 06 May 2026 02:55:13 -0700 

On Wed, 6 May 2026 07:35:37 GMT, Alan Bateman <[email protected]> wrote:

>> Volkan Yazici has updated the pull request with a new target base due to a 
>> merge or a rebase. The incremental webrev excludes the unrelated changes 
>> brought in by the merge/rebase. The pull request contains 10 additional 
>> commits since the last revision:
>> 
>>  - Merge remote-tracking branch 'upstream/master' into sni
>>  - Apply review feedback
>>  - Fix variable shadowing issue in `SNIHostName`
>>  - Enrich tests
>>  - Use `sun.security.x509.DNSName` in strict checks
>>  - Merge remote-tracking branch 'upstream/master' into sni
>>  - Improve deprecation message
>>  - Big facelift
>>  - Add `ofString` static factory method
>>  - Disallow IP literals in `SNIHostName::new`
>
> src/java.base/share/classes/javax/net/ssl/SNIHostName.java line 81:
> 
>> 79:      * Creates an {@code SNIHostName} using the specified hostname.
>> 80:      * <p>
>> 81:      * A valid SNI hostname is a DNS hostname, which is either an 
>> ASCII-encoded
> 
> I wonder if "DNS hostname" could link to somewhere authoritative that defines 
> a DNS hostname. If you could find a suitable target then the first usage in 
> the class description could link to it.

I had the very same thought while writing the docs, but had difficulty in 
implementing it. Initially, I've thought of referencing to 
`sun.security.x509.DNSName`. But it is neither well-documented, nor public. I 
can suggest two candidates:

1. [RFC 1123 "Requirements for Internet Hosts -- Application and Support" > 2.1 
Host Names and Numbers](https://www.rfc-editor.org/rfc/rfc1123.html#page-13). — 
It is already referenced in `@spec`, it amends [RFC 952 "DOD INTERNET HOST 
TABLE SPECIFICATION"](https://www.rfc-editor.org/rfc/rfc952.html), and it 
contains a "good enough" definition.
2. [RFC 5280 "Internet X.509 Public Key Infrastructure Certificate and 
Certificate Revocation List (CRL) Profile" > 4.2.1.6. Subject Alternative 
Name](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.6) — AFAICT, 
this is _"the authoritative definition"_, but it has never been mentioned 
earlier in `SNIHostName` or `SNIServerName`.

@artur-oracle, @AlanBateman, do you have a certain preference? Shall I simply 
use RFC 1123?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/30747#discussion_r3194516975

Reply via email to