- Enhancement
- Resolution: Unresolved
- P3
- None
- 7
1. DNSName only accepts letters as the first character. RFC 1123 has relaxed that restriction:
RFC 1123, Section 2.1:
> One aspect of host name syntax is hereby changed: the
> restriction on the first character is relaxed to allow either a
> letter or a digit. Host software MUST support this more liberal
> syntax.
2. RFC 952 specifies that an LDH (Letter-Digit-Hyphen) label may only end with a letter or digit. We should remove hyphens from the set of permissible terminal characters in a label.
3. No verification of a DNSName occurs when parsing an X509Certificate. Verification only occurs when creating a certificate (for example, with keytool). Fix this so that verification runs for both parsing and creation.
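The two syntax rules above (items 1 and 2) as a stand-alone check that could run on both the parsing and the creation path. This is an added illustration, not the JDK's `DNSName` code; the names `LdhNameCheck` and `check` are hypothetical. It assumes ASCII-only names, treats empty labels (including a trailing dot) as invalid, and does not cover wildcards or length limits.

```java
public class LdhNameCheck {

    // ASCII letter or digit only. Character.isLetterOrDigit() is deliberately
    // not used because it also accepts non-ASCII Unicode letters.
    private static boolean isLetterOrDigit(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
    }

    /** Returns null if the name is acceptable, otherwise the reason for rejection. */
    static String check(String name) {
        if (name == null || name.isEmpty()) {
            return "empty name";
        }
        // A limit of -1 keeps trailing empty strings, so "a." and "a..b"
        // both produce an empty label (assumption: those are rejected).
        for (String label : name.split("\\.", -1)) {
            if (label.isEmpty()) {
                return "empty label";
            }
            // RFC 1123, Section 2.1: first character may be a letter or a digit.
            if (!isLetterOrDigit(label.charAt(0))) {
                return "label '" + label + "' must start with a letter or digit";
            }
            // RFC 952: a label may only end with a letter or digit, never a hyphen.
            if (!isLetterOrDigit(label.charAt(label.length() - 1))) {
                return "label '" + label + "' must end with a letter or digit";
            }
            // Interior characters: letters, digits, hyphen (LDH).
            for (int i = 1; i < label.length() - 1; i++) {
                char c = label.charAt(i);
                if (!isLetterOrDigit(c) && c != '-') {
                    return "label '" + label + "' contains illegal character '" + c + "'";
                }
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample names, not taken from the issue.
        String[] samples = {"example.com", "3com.example", "a-b.example",
                "host-.example", "-host.example", "ex_ample.com", "example..com"};
        for (String s : samples) {
            String reason = check(s);
            System.out.println(s + " -> " + (reason == null ? "accepted" : "rejected: " + reason));
        }
    }
}
```

The first three samples are accepted, including the digit-initial `3com.example`; the remaining four are rejected for a trailing hyphen, a leading hyphen, an underscore, and an empty label respectively.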
- duplicates
  - JDK-8016345 Update DNSName.java to support RFC 1123 (Closed)
  - JDK-8146354 keytool no longer supports RFC1123 compliant names in Subject Alternative Names (Closed)
- relates to
  - JDK-8186143 keytool -ext option doesn't accept wildcards for DNS subject alternative names (Closed)
1. Relax DNSName restriction as per RFC 1123 | Resolved | Sean Coffey