I've reopened the two bugs.

The first patch was incomplete, as pointed out by David and by another bug
I've found reviewing the code.

The bug pointed out by David can occur in some rare cases where the CA
issues malformed certificates. It's rare, but there are many CAs...
The other bug is about wildcard certificate validation. The first
patch incorrectly validates some cases. They're also rare cases of
certificates of type aaaa*.xxx.com.

Both are very rare cases, but I think they must be fixed before release.

In outline, host names correctly validated:
original -> 0% (no validation at all)
first patch -> ¿99%?
           Never fails with valid certificates,
           blocks the majority of invalid requests,
           allows a few rare cases which should be blocked
second patch -> 100%. I hope.

Thanks for your patience

This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.
