On Fri, 14 Nov 2025 10:04:07 GMT, Daniel Fuchs <[email protected]> wrote:
>> test/jdk/sun/net/www/protocol/https/HttpsURLConnection/IdentitiesBase.java >> line 104: >> >>> 102: CertificateBuilder.KeyUsage.KEY_ENCIPHERMENT) >>> 103: .addBasicConstraintsExt(false, false, -1) >>> 104: >>> .addExtension(CertificateBuilder.createIPSubjectAltNameExt(true, >>> "127.0.0.1")) >> >> I assume you verified that the DNSIdentities customization overwrites the >> SAN configured here, but I'd feel more confident if this line were moved to >> customizeServerCert in IPIdentities > > If there is an alternative SAN for IPv4 loopback address there should be one > for the IPv6 loopback too. > I assume you verified that the DNSIdentities customization overwrites the SAN > configured here, but I'd feel more confident if this line were moved to > customizeServerCert in IPIdentities Yes, they are overwritten, extensions are stored as a Map between extention id and the extension. > If there is an alternative SAN for IPv4 loopback address there should be one > for the IPv6 loopback too. I added the IPV6 loopback. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/27342#discussion_r2550800219
