On Mon, 7 Mar 2022 21:26:34 GMT, Rajan Halade <rhal...@openjdk.org> wrote:

>> Please review this change to fully support RFC 6125 in the TLS 
>> implementation. This change forbids wildcard domains in TLS certificates 
>> unless the wildcard is in the left-most component. Certificates of this 
>> nature should be rare and are not allowed per the CABForum baseline 
>> requirements. However there may be a small compatibility risk associated 
>> with this change, so a CSR has also been filed.
>
> test/jdk/sun/security/util/HostnameMatcher/TestHostnameChecker.java line 196:
> 
>> 194:         check(checker, "5.6.7.8", cert3, true);
>> 195:         check(checker, "foo.bar.com", cert4, true);
>> 196:         check(checker, "altfoo.bar.com", cert4, true);
> 
> Can the expected result be updated to false instead of removing this case?

It occurred to me that I should probably combine TestHostnameChecker and the 
Wildcard tests as they are both tests for domain matching. Let me see if it 
isn't too much work to do that (still waiting for the CSR to be approved 
anyway).

-------------

PR: https://git.openjdk.java.net/jdk/pull/7697
