JDK-8155049 : New tests from 8144566 fail with "No expected Server Name Indication"
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 9
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2016-04-25
  • Updated: 2017-11-29
  • Resolved: 2016-05-16
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u141Fixed 9 b120Fixed
Related Reports
Relates :  
JDK-8144566 - Custom HostnameVerifier disables SNI extension
Description
Following tests added with JDK-8144566 failed.

javax/net/ssl/ServerName/BestEffortOnLazyConnected.java
sun/net/www/protocol/https/HttpsURLConnection/ImpactOnSNI.java

Server died...
java.lang.Exception: No expected Server Name Indication
	at BestEffortOnLazyConnected.doServerSide(BestEffortOnLazyConnected.java:120)
	at BestEffortOnLazyConnected.access$000(BestEffortOnLazyConnected.java:43)
	at BestEffortOnLazyConnected$1.run(BestEffortOnLazyConnected.java:288)

JavaTest Message: Test threw exception: java.lang.Exception: No expected Server Name Indication
JavaTest Message: shutting down test

STATUS:Failed.`main' threw exception: java.lang.Exception: No expected Server Name Indication


Server died...
java.lang.Exception: No expected Server Name Indication
	at ImpactOnSNI.doServerSide(ImpactOnSNI.java:143)
	at ImpactOnSNI.access$100(ImpactOnSNI.java:40)
	at ImpactOnSNI$1.run(ImpactOnSNI.java:340)

JavaTest Message: Test threw exception: java.lang.Exception: No expected Server Name Indication
JavaTest Message: shutting down test

STATUS:Failed.`main' threw exception: java.lang.Exception: No expected Server Name Indication
Comments
Review sent - http://mail.openjdk.java.net/pipermail/security-dev/2016-May/013904.html
13-05-2016
This is not a bug. As per RFC, hostname needs to be fully qualified - "HostName" contains the fully qualified DNS hostname of the server, as understood by the client. The hostname is represented as a byte string using UTF-8 encoding [UTF8], without a trailing dot.
13-05-2016
I think the test failure is result of not having fully qualified domain name. Following check skips the test if hostname is not fully qualified but isn't complete - http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/647431dccd71/test/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java#l199 The check at http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/647431dccd71/src/java.base/share/classes/sun/security/ssl/Utilities.java#l96 adds hostname to SNI only if it is fully qualified domain name. So in this case, hostname won't be added to SNI extension and test will fail.
13-05-2016
These 2 tests fail when run on slc09qkr/qkw(zones) and pass when run on slc08giy(a vm). I have entered an infrastructure bug to look at it from that perspective, https://java.se.oracle.com/infrabugs/browse/INFRA-7425
12-05-2016