On Fri, 15 May 2026 07:23:44 GMT, Volkan Yazici <[email protected]> wrote:
>> Per [RFC 6066 "3. Server Name Indication"], disallow IP literals in >> `SNIHostName::new`. >> >> While the following two call-sites could be simplified by removing IP >> literal checks, I've refrained from doing so because delegating some of the >> checks to an exception catching mechanism would impact the performance: >> >> sun.security.ssl.Utilities::rawToSNIHostName >> sun.net.www.protocol.https.HttpsClient::afterConnect >> >> [RFC 6066 "3. Server Name Indication"]: >> https://www.rfc-editor.org/rfc/rfc6066.html#page-6 >> >> --------- >> - [X] I confirm that I make this contribution in accordance with the >> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai). > > Volkan Yazici has updated the pull request incrementally with three > additional commits since the last revision: > > - Break `ofEncoded(byte[])` intro into 2 sentences > - Wording improvement: `using the specified hostname` -> `from the specified > hostname` > - Wording improvement: `DNS hostname, which is` -> `DNS hostname that is` src/java.base/share/classes/javax/net/ssl/SNIHostName.java line 139: > 137: * href="http://www.ietf.org/rfc1123.txt";>RFC 1123</a> and <a > 138: * href="http://www.ietf.org/rfc5280.txt";>RFC 5280</a>) that is > either > 139: * ASCII-encoded or an {@linkplain IDN Internationalized Domain Name > (IDN)}. I find this wording confusing, we should make it clear that input must be an ASCII. How about something like this? ` A valid SNI hostname is a DNS hostname (see RFC 1123 and RFC 5280 ) that is ASCII-encoded. Internationalized Domain Names (IDN) are supported in ASCII-Compatible Encoding (ACE) form. ` src/java.base/share/classes/javax/net/ssl/SNIHostName.java line 311: > 309: * UTF-8. > 310: * <p> > 311: * This constructor decodes the specified bytes into a hostname > string. The This is not a constructor. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30747#discussion_r3261044101 PR Review Comment: https://git.openjdk.org/jdk/pull/30747#discussion_r3261051864
