On Fri, 5 Jul 2024 08:58:03 GMT, Prajwal Kumaraswamy <pkumarasw...@openjdk.org> 
wrote:

> The client identity checks when "HTTPS" endpoint identification algorithm is 
> set on SSL server throws "java.security.cert.CertificateException: No subject 
> alternative names present" when client certificate's SubjectAltName extension 
> does not match its IP address
> 
> Since the server has no external knowledge of what the client's identity 
> ought to be,  HTTPS identity checks must be disabled on the server side.
> The exception message has been fixed to indicate the same.
> 
> I have performed the test both on SSL Server Engine and SSL Server Socket and 
> attached are logs and snapshot for reference, also I have ran the changes 
> against external test suite and test runs are green.

Test data
[https_endpt.zip](https://github.com/user-attachments/files/16109176/https_endpt.zip)

-------------

PR Comment: https://git.openjdk.org/jdk/pull/20048#issuecomment-2210724826

Reply via email to