The client identity checks when "HTTPS" endpoint identification algorithm is set on SSL server throws "java.security.cert.CertificateException: No subject alternative names present" when client certificate's SubjectAltName extension does not match its IP address
Since the server has no external knowledge of what the client's identity ought to be, HTTPS identity checks must be disabled on the server side. The exception message has been fixed to indicate the same. I have performed the test both on SSL Server Engine and SSL Server Socket and attached are logs and snapshot for reference, also I have ran the changes against external test suite and test runs are green. ------------- Commit messages: - 8328723: IP Address error when client enables HTTPS endpoint check on server socket Changes: https://git.openjdk.org/jdk/pull/20048/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=20048&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8328723 Stats: 12 lines in 1 file changed: 9 ins; 0 del; 3 mod Patch: https://git.openjdk.org/jdk/pull/20048.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/20048/head:pull/20048 PR: https://git.openjdk.org/jdk/pull/20048
