On 08/07/2014 03:32 PM, Sean Mullan wrote:
> On 08/07/2014 08:47 AM, Florian Weimer wrote:
>> I wonder why using the HTTPS to access <https://www.3com.com> works with
>> the current jdk9-dev code. The name "www.3com.com" is only present in
>> the SAN.
>
> Is the SAN extension non-critical? If so, that could explain why. We
> allow X509Certificates to be created with unparseable non-critical
> extensions.

Yes, it's marked as non-critical. But this doesn't really explain the
lack of an exception because the www.3com.com dNSName is obviously used
(there's no TLS handshake failure).
--
Florian Weimer / Red Hat Product Security