On Wed, 3 Mar 2021 15:10:54 GMT, Vyom Tewari <vtew...@openjdk.org> wrote:
>> HttpsURLConnection, works with SunJSSE provider but does not work with other
>> JSSE provider. In case of SunJSSE , HttpsURLConnection set the host name as
>> follows
>>
>> s = (SSLSocket)serverSocket;
>> if (s instanceof SSLSocketImpl) {
>> ((SSLSocketImpl)s).setHost(host);
>> }
>>
>> But in case of other providers(BouncyCastleProvider ) host will not get set
>> and "java.security.cert.CertificateException: No subject alternative name
>> found matching IP address" exception will be thrown.
>
> Vyom Tewari has updated the pull request incrementally with one additional
> commit since the last revision:
>
> reverted the overly deleted else block
src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java line
566:
> 564: SSLParameters paramaters = s.getSSLParameters();
> 565:
> paramaters.setEndpointIdentificationAlgorithm("HTTPS");
> 566: paramaters.setServerNames(List.of(new
> SNIHostName(host)));
Thank you for taking my comment. But I may not update line 456-458. A safer
update may be in line 566, for example:
+ // The host has been set for SSLSocketImp previously.
+ if (!(s instanced SSLSocketImpl)) {
paramaters.setServerNames(List.of(new SNIHostName(host)));
+ }
-------------
PR: https://git.openjdk.java.net/jdk/pull/2583
