On 08/06/2014 08:32 PM, Jason Uh wrote:
Please review this fix, which allows the first character of a DNSName in
a SubjectAltName to be either a letter or a digit.
http://cr.openjdk.java.net/~juh/8054380/webrev.01/
The test case should also check "123.example" and "www.123.example".
This change is to stay compliant with RFC 1123:
RFC 1123, Section 2.1:
One aspect of host name syntax is hereby changed: the
restriction on the first character is relaxed to allow either a
letter or a digit. Host software MUST support this more liberal
syntax.
Please note this only applies to the first character of the hostname,
not the first character of each component in the DNS Name.
The RFC 1123 change applies to each label, not just to the first one.
I wonder why using the HTTPS to access <https://www.3com.com> works with
the current jdk9-dev code. The name "www.3com.com" is only present in
the SAN.
--
Florian Weimer / Red Hat Product Security
