On Tue, 2 Mar 2021 14:39:43 GMT, Vyom Tewari <vtew...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line
>> 569:
>>
>>> 567: SSLParameters paramaters = s.getSSLParameters();
>>> 568:
>>> paramaters.setEndpointIdentificationAlgorithm("HTTPS");
>>> 569:
>>> paramaters.setServerNames(Collections.singletonList(new SNIHostName(host)));
>>
>> What if the SSL Layer has already an SNIHostName configured? Is there a risk
>> that this will introduce regressions in such cases?
>
> May be i am not sure, we may need this code change to review by security
> expert. I am setting "SNIHostName" only if "isDefaultHostnameVerifier" is
> true(If the HNV is the default from HttpsURLConnection) so there should not
> be problem.
Did you try to run the httpclient tests? They make use of the httpserver - so
they can also serve to test it - somewhat.
More generally - please run jdk_net/tier2 tests.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2583
