On 11/29/2012 8:57 PM, Florian Weimer wrote:
> On 11/28/2012 03:59 PM, Xuelei Fan wrote:
>> What's the motivation of the proposal?
>>
>> It's more preferable to use the new X509ExtendedTrustManager and proper
>> endpoint identification algorithm to do hostname verification. Does the
>> new endpoint identification approach work for you?
>
> Oops, I missed that. I think I saw it before, but I forgot about it.
> Maybe it would make sense to add a hint to the HostnameVerifier
> interface? The documentation is also a bit ambiguous about the
> applicability of the host name check to the TLSv1 SSLContext.
>
Any suggestions?

> Would it be possible to backport the
> javax.net.ssl.SSLParameters.setEndpointIdentificationAlgorithm(String)
> method to OpenJDK 6, without introducing the X509ExtendedTrustManager
> class?
>
We cannot add new methods to update releases. And without
SSLSocket/SSLEngine, it is unlikely to get the end point identification
algorithm for individual connections. So it is not possible to me that we
can backport the updated SSLParameters without the
X509ExtendedTrustManager.

Xuelei
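
The endpoint identification approach discussed in this thread, as an added example that is not part of the original messages or of OpenJDK's own code: on Java 7 or later, a client enables the host name check per connection through SSLParameters. The class name, method names and the host "host.example" are assumptions made for illustration, and the default trust manager is assumed.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class EndpointIdentificationExample {

    // Opens a TLS connection whose handshake fails unless the server
    // certificate matches `host` under the HTTPS (RFC 2818) rules.
    static SSLSocket connectVerified(String host, int port) throws Exception {
        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake(); // SSLHandshakeException on a name mismatch
            return socket;
        } catch (Exception e) {
            socket.close(); // do not leak a socket that failed verification
            throw e;
        }
    }

    // Same setting for SSLEngine; the peer host given to createSSLEngine
    // is the name the certificate is checked against.
    static SSLEngine clientEngine(String host, int port) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Offline: compare an unconfigured engine with a configured one.
        SSLEngine plain = SSLContext.getDefault().createSSLEngine("host.example", 443);
        System.out.println("unconfigured: "
                + plain.getSSLParameters().getEndpointIdentificationAlgorithm());
        System.out.println("configured:   " + clientEngine("host.example", 443)
                .getSSLParameters().getEndpointIdentificationAlgorithm());
        if (args.length == 2) { // optional live check: <host> <port>
            connectVerified(args[0], Integer.parseInt(args[1])).close();
            System.out.println("handshake and host name check succeeded");
        }
    }
}
```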