Hi I've reopened the two bugs.
The first patch was incomplete, as pointed by David and by other bug i've found reviewing the code. The bug pointed by David can occur in some rare cases where the CA issues malformed certificates. It's rare, but there are may CA... The other bug it's about wildcard certificate validation. The first patch incorrect validates some cases. They're also rare cases of certificates of type aaaa*.xxx.com. Both are very rare cases, but I think they must be fixed before release. In outline, hosts name correctly validated: original -> 0% (no validation at all) first patch -> ¿99%? Never fails with valid certificates, block majority of invalid request. allow few rare cases which should be blocked second patch -> 100%. I hope. Thanks for your patience __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.