JDK-8072385 : Only the first DNSName entry is checked for endpoint identification
Type:Bug
Component:security-libs
Sub-Component:javax.net.ssl
Affected Version:7u71
Priority:P3
Status:Closed
Resolution:Fixed
Submitted:2015-02-03
Updated:2017-11-18
Resolved:2015-03-11
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
In SunJSSE implementation, during endpoint identification, there is a bug in SubjectAlternativeName matching where only the first DNSName is checked. As may impact some business where host-name alias are used.
Comments
noreg-external, the bug reporter had verified the patch.