On 11/28/2012 03:59 PM, Xuelei Fan wrote:
> What's the motivation of the proposal?
> It's preferable to use the new X509ExtendedTrustManager and proper
> endpoint identification algorithm to do hostname verification. Does the
> new endpoint identification approach work for you?
Oops, I missed that. I think I saw it before, but I forgot about it.
Maybe it would make sense to add a hint to the HostnameVerifier
interface? The documentation is also a bit ambiguous about the
applicability of the host name check to the TLSv1 SSLContext.
Would it be possible to backport the
javax.net.ssl.SSLParameters.setEndpointIdentificationAlgorithm(String)
method to OpenJDK 6, without introducing the X509ExtendedTrustManager class?
--
Florian Weimer / Red Hat Product Security Team