41 lines
1.7 KiB
Diff
41 lines
1.7 KiB
Diff
Subject: Backport of JDK-8328723 IP Address error when client enables HTTPS endpoint check on server socket
|
|
|
|
---
|
|
.../sun/security/ssl/X509TrustManagerImpl.java | 15 ++++++++++++---
|
|
1 file changed, 12 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java b/src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java
|
|
index e3df4c162..58794e5dc 100644
|
|
--- a/src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java
|
|
+++ b/src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java
|
|
@@ -1,5 +1,5 @@
|
|
/*
|
|
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
|
|
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
@@ -428,8 +428,17 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
|
|
}
|
|
|
|
if (!identifiable) {
|
|
- checkIdentity(peerHost,
|
|
- trustedChain[0], algorithm, chainsToPublicCA);
|
|
+ try {
|
|
+ checkIdentity(peerHost,
|
|
+ trustedChain[0], algorithm, chainsToPublicCA);
|
|
+ } catch(CertificateException ce) {
|
|
+ if (checkClientTrusted && "HTTPS".equalsIgnoreCase(algorithm)) {
|
|
+ throw new CertificateException("Endpoint Identification Algorithm " +
|
|
+ "HTTPS is not supported on the server side");
|
|
+ } else {
|
|
+ throw ce;
|
|
+ }
|
|
+ }
|
|
}
|
|
}
|
|
|
|
--
|
|
2.33.0
|
|
|