On Fri, 4 Mar 2022 14:59:54 GMT, Sean Mullan <mul...@openjdk.org> wrote:
> Please review this change to fully support RFC 6125 in the TLS
> implementation. This change forbids wildcard domains in TLS certificates
> unless the wildcard is in the left-most component. Certificates of this
> nature should be rare and are not allowed per the CABForum baseline
> requirements. However, there may be a small compatibility risk associated with
> this change, so a CSR has also been filed.

test/jdk/sun/security/util/HostnameChecker/Wildcard.java line 72:

> 70: } catch (Exception e) {
> 71: if (expected) {
> 72: throw new Exception("unexpectedly failed match", e);

Consider updating these to RuntimeException.

test/jdk/sun/security/util/HostnameMatcher/TestHostnameChecker.java line 196:

> 194: check(checker, "5.6.7.8", cert3, true);
> 195: check(checker, "foo.bar.com", cert4, true);
> 196: check(checker, "altfoo.bar.com", cert4, true);

Can the expected result be updated to false instead of removing this case?

-------------

PR: https://git.openjdk.java.net/jdk/pull/7697
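The left-most-only wildcard rule from the quoted PR summary, as an added example that is not part of this message and is not the JDK's own HostnameChecker code. The class and method names and the sample host names are constructed for illustration; the sketch assumes plain ASCII DNS names (no IDN handling) and follows RFC 6125 section 6.4.3.

```java
import java.util.Locale;

public class LeftmostWildcardDemo {

    // True if host matches the certificate name pattern, accepting a
    // wildcard only in the left-most label (RFC 6125, section 6.4.3).
    static boolean matches(String host, String pattern) {
        String[] h = host.toLowerCase(Locale.ROOT).split("\\.", -1);
        String[] p = pattern.toLowerCase(Locale.ROOT).split("\\.", -1);
        if (h.length != p.length) {
            return false;   // a wildcard never covers more than one label
        }
        for (int i = 1; i < p.length; i++) {
            // '*' in any label other than the left-most: refuse the pattern
            if (p[i].indexOf('*') >= 0 || !p[i].equals(h[i])) {
                return false;
            }
        }
        return matchLabel(h[0], p[0]);
    }

    // Left-most label: a literal, or exactly one '*' with optional prefix/suffix.
    static boolean matchLabel(String label, String pat) {
        int star = pat.indexOf('*');
        if (star < 0) {
            return pat.equals(label);
        }
        if (label.isEmpty() || pat.indexOf('*', star + 1) >= 0) {
            return false;   // empty host label, or more than one wildcard
        }
        String prefix = pat.substring(0, star);
        String suffix = pat.substring(star + 1);
        return label.length() >= prefix.length() + suffix.length()
                && label.startsWith(prefix)
                && label.endsWith(suffix);
    }

    public static void main(String[] args) {
        // Constructed host/pattern pairs, not taken from the JDK tests.
        String[][] cases = {
            {"foo.example.com", "*.example.com"},
            {"bar.foo.example.com", "*.example.com"},
            {"foo.bar.example.com", "foo.*.example.com"},
            {"baz1.example.net", "baz*.example.net"},
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " vs " + c[1] + " -> " + matches(c[0], c[1]));
        }
    }
}
```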