On Tue, 8 Mar 2022 13:00:50 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Please review this change to fully support RFC 6125 in the TLS >> implementation. This change forbids wildcard domains in TLS certificates >> unless the wildcard is in the left-most component. Certificates of this >> nature should be rare and are not allowed per the CABForum baseline >> requirements. However there may be a small compatibility risk associated >> with this change, so a CSR has also been filed. > > Sean Mullan has updated the pull request incrementally with one additional > commit since the last revision: > > Merge Wildcard test into TestHostnameCheck. > Rename HostnameMatcher dir to HostnameChecker. I'm not seeing any indication in this PR documenting how this fix was tested. It appears to have caused a Tier2 test to fail on all platforms: JDK-8282832 sun/security/util/Pem/encoding.sh failed with "FileNotFoundException: .../open/test/jdk/sun/security/util/Pem/../HostnameMatcher/cert5.crt (No such file or directory)" https://bugs.openjdk.java.net/browse/JDK-8282832 ------------- PR: https://git.openjdk.java.net/jdk/pull/7697