Mercurial > hg > release > icedtea7-forest-2.6 > jdk
changeset 9957:cf4f065c885d
8237592: Enhance certificate verification
Reviewed-by: mbalao, andrew
author | yan |
---|---|
date | Sat, 18 Apr 2020 12:16:42 +0800 |
parents | 0dfd910e9753 |
children | ce29e542f3fa |
files | src/share/classes/sun/security/util/HostnameChecker.java |
diffstat | 1 files changed, 8 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/util/HostnameChecker.java Fri Apr 10 11:46:17 2020 +0000 +++ b/src/share/classes/sun/security/util/HostnameChecker.java Sat Apr 18 12:16:42 2020 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,7 @@ import java.security.Principal; import java.security.cert.*; +import java.text.Normalizer; import javax.security.auth.x500.X500Principal; @@ -226,7 +227,12 @@ (X500Name.commonName_oid); if (derValue != null) { try { - if (isMatched(expectedName, derValue.getAsString())) { + String cname = derValue.getAsString(); + if (!Normalizer.isNormalized(cname, Normalizer.Form.NFKC)) { + throw new CertificateException("Not a formal name " + + cname); + } + if (isMatched(expectedName, cname)) { return; } } catch (IOException e) {