Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8144566

Custom HostnameVerifier disables SNI extension

XMLWordPrintable

    • b116
    • generic
    • generic
    • Verified

        FULL PRODUCT VERSION :
        java version "1.8.0_66"
        Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
        Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)

        ADDITIONAL OS VERSION INFORMATION :
        OS X 10.11.1

        A DESCRIPTION OF THE PROBLEM :
        Refering to JDK-8072464, which is closed due to "cannot reproduce".
        I wonder why your Devs can`t reproduce the problem, but I guess it because of his proxy settings.

        Taking the following test and grep for
        Extension server_name, server_name: [type=host_name (0), value=www.google.com]

        First method leads to intended output, second method setting hostnameverifier doesn't.


        import javax.net.ssl.HttpsURLConnection;
        import java.net.URL;

        public class SslTest {
        static {
        System.setProperty("javax.net.debug", "ssl,handshake");
        }

        @Test
        public void testHandshake() throws Exception {
        URL url = new URL("https://www.google.com");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.getInputStream();
        }

        @Test
        public void testHandshakeHostnameVerifier() throws Exception {
        URL url = new URL("https://www.google.com");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setHostnameVerifier((s, sslSession) -> true);
        conn.getInputStream();
        }

        }

        Sorry for the duplicate, but it is not possible to reopen or comment a bug.

        REGRESSION. Last worked in version 8u66

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        import javax.net.ssl.HttpsURLConnection;
        import java.net.URL;

        public class SslTest {
        static {
        System.setProperty("javax.net.debug", "ssl,handshake");
        }

        @Test
        public void testHandshake() throws Exception {
        URL url = new URL("https://www.google.com");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.getInputStream();
        }

        @Test
        public void testHandshakeHostnameVerifier() throws Exception {
        URL url = new URL("https://www.google.com");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setHostnameVerifier((s, sslSession) -> true);
        conn.getInputStream();
        }

        }

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        Use of SNI Extension in both test methods

        Debug Information contains:

        Extension server_name, server_name: [type=host_name (0), value=www.google.com]
        ACTUAL -
        SNI is used without custom host name verifier only.


        REPRODUCIBILITY :
        This bug can be reproduced always.

        ---------- BEGIN SOURCE ----------
        import javax.net.ssl.HttpsURLConnection;
        import java.net.URL;

        public class SslTest {
        static {
        System.setProperty("javax.net.debug", "ssl,handshake");
        }

        @Test
        public void testHandshake() throws Exception {
        URL url = new URL("https://www.google.com");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.getInputStream();
        }

        @Test
        public void testHandshakeHostnameVerifier() throws Exception {
        URL url = new URL("https://www.google.com");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setHostnameVerifier((s, sslSession) -> true);
        conn.getInputStream();
        }

        }
        ---------- END SOURCE ----------

              xuelei Xuelei Fan
              webbuggrp Webbug Group
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: