On Fri, 4 Mar 2022 14:59:54 GMT, Sean Mullan <mul...@openjdk.org> wrote:
> Please review this change to fully support RFC 6125 in the TLS
> implementation. This change forbids wildcard domains in TLS certificates
> unless the wildcard is in the left-most component. Certificates of this
> nature should be rare and are not allowed per the CABForum baseline
> requirements. However there may be a small compatibility risk associated with
> this change, so a CSR has also been filed.
test/jdk/sun/security/util/HostnameChecker/Wildcard.java line 72:
> 70: } catch (Exception e) {
> 71: if (expected) {
> 72: throw new Exception("unexpectedly failed match", e);
consider to update these to RuntimeException
test/jdk/sun/security/util/HostnameMatcher/TestHostnameChecker.java line 196:
> 194: check(checker, "5.6.7.8", cert3, true);
> 195: check(checker, "foo.bar.com", cert4, true);
> 196: check(checker, "altfoo.bar.com", cert4, true);
Can expected result be updated to false instead of removing this case?
-------------
PR: https://git.openjdk.java.net/jdk/pull/7697
