提交 fcc6f324 编写于 作者: Y yan

8237592: Enhance certificate verification

Reviewed-by: mbalao, andrew
上级 b35c23b8
/* /*
* Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -32,6 +32,7 @@ import java.util.*; ...@@ -32,6 +32,7 @@ import java.util.*;
import java.security.Principal; import java.security.Principal;
import java.security.cert.*; import java.security.cert.*;
import java.text.Normalizer;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
import javax.net.ssl.SNIHostName; import javax.net.ssl.SNIHostName;
...@@ -220,7 +221,12 @@ public class HostnameChecker { ...@@ -220,7 +221,12 @@ public class HostnameChecker {
(X500Name.commonName_oid); (X500Name.commonName_oid);
if (derValue != null) { if (derValue != null) {
try { try {
if (isMatched(expectedName, derValue.getAsString())) { String cname = derValue.getAsString();
if (!Normalizer.isNormalized(cname, Normalizer.Form.NFKC)) {
throw new CertificateException("Not a formal name "
+ cname);
}
if (isMatched(expectedName, cname)) {
return; return;
} }
} catch (IOException e) { } catch (IOException e) {
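Review bot: The new `throw new CertificateException("Not a formal name " + cname)` copies the certificate's common name into the exception message at exactly the point where it is known not to be NFKC-normalized, so a peer-supplied string with compatibility or look-alike characters can reach logs and error dialogs verbatim. Consider leaving the value out or emitting it in an escaped form, and naming the actual condition, e.g. `throw new CertificateException("Common name is not in NFKC form");`. The check also carries no comment; something like `// Reject CNs that are not NFKC-normalized before matching, so distinct encodings cannot compare as the same host name` would record the intent, though that rationale is inferred because `isMatched` is outside the hunk. The enclosing method starts and ends outside the hunk, so it cannot be seen from here whether the subjectAltName path or `expectedName` needs the same check.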
......