JDK-8072385 : Only the first DNSName entry is checked for endpoint identification
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 7u71
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2015-02-03
  • Updated: 2017-11-18
  • Resolved: 2015-03-11
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 JDK 8 JDK 9
7u85Fixed 8u60Fixed 9 b55Fixed
Description
In SunJSSE implementation, during endpoint identification, there is a bug in SubjectAlternativeName matching where only the first DNSName is checked.  As may impact some business where host-name alias are used.
Comments
noreg-external, the bug reporter had verified the patch.
04-03-2015