On Tue, 9 Jul 2024 07:13:06 GMT, Prajwal Kumaraswamy <pkumarasw...@openjdk.org> wrote:
>> The client identity checks when "HTTPS" endpoint identification algorithm is >> set on SSL server throws "java.security.cert.CertificateException: No >> subject alternative names present" when client certificate's SubjectAltName >> extension does not match its IP address >> >> Since the server has no external knowledge of what the client's identity >> ought to be, HTTPS identity checks must be disabled on the server side. >> The exception message has been fixed to indicate the same. >> >> I have performed the test both on SSL Server Engine and SSL Server Socket >> and attached are logs and snapshot for reference, also I have ran the >> changes against external test suite and test runs are green. > > Prajwal Kumaraswamy has updated the pull request incrementally with one > additional commit since the last revision: > > format code with minor changes @pkumaraswamy Your change (at version 7d6ce651beb82b21a9281ef6c1b98ebda9a95c2e) is now ready to be sponsored by a Committer. ------------- PR Comment: https://git.openjdk.org/jdk/pull/20048#issuecomment-2236308168
