On Wed, 3 Mar 2021 05:01:13 GMT, Vyom Tewari <vtew...@openjdk.org> wrote:
>>> HttpsURLConnection, works with SunJSSE provider but does not work with
>>> other JSSE provider. In case of SunJSSE , HttpsURLConnection set the host
>>> name as follows
>>>
>>> s = (SSLSocket)serverSocket;
>>> if (s instanceof SSLSocketImpl) {
>>> ((SSLSocketImpl)s).setHost(host);
>>> }
>>
>> Did you copy the code/lines above from
>> src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java?
>> This is the file you updated in the pull request. If I read the updated
>> file right, the line numbers are from 455 to 458. If the socket is an
>> instance of SSLSocketImpl, the host is set here.
>>
>>>
>>> But in case of other providers(BouncyCastleProvider ) host will not get set
>>> and "java.security.cert.CertificateException: No subject alternative name
>>> found matching IP address" exception will be thrown.
>>>
>
>> > HttpsURLConnection, works with SunJSSE provider but does not work with
>> > other JSSE provider. In case of SunJSSE , HttpsURLConnection set the host
>> > name as follows
>> > s = (SSLSocket)serverSocket;
>> > if (s instanceof SSLSocketImpl) {
>> > ((SSLSocketImpl)s).setHost(host);
>> > }
>>
>> Did you copy the code/lines above from
>> src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java?
>> This is the file you updated in the pull request. If I read the updated file
>> right, the line numbers are from 455 to 458. If the socket is an instance of
>> SSLSocketImpl, the host is set here.
>>
>> > But in case of other providers(BouncyCastleProvider ) host will not get
>> > set and "java.security.cert.CertificateException: No subject alternative
>> > name found matching IP address" exception will be thrown.
>
> thanks for pointing me out. yes you are right in case of SSLSocketImpl host
> will set twice. I will do the changes and update the PR.
update the PR and incorporated the review comment suggested by Xuelei.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2583
