Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support non-standard domains in SNI and X509 #6276

Closed
sbordet opened this issue May 14, 2021 · 1 comment · Fixed by #6296
Closed

Support non-standard domains in SNI and X509 #6276

sbordet opened this issue May 14, 2021 · 1 comment · Fixed by #6296
Labels
Sponsored This issue affects a user with a commercial support agreement

Comments

@sbordet
Copy link
Contributor

sbordet commented May 14, 2021

Jetty version
9.4.x

Description
Aggregates issues #6274 and #6275, as one is needed by the other for testing.
This was referenced May 14, 2021
Closed
Closed
@sbordet sbordet added the Sponsored This issue affects a user with a commercial support agreement label May 14, 2021
sbordet added a commit that referenced this issue May 18, 2021
@sbordet
Fixes #6276 - Support non-standard domains in SNI and X509.
3a9c34e 
Backported support for IP addresses in X509 (from #5379).
Introduced SslContextFactory.Client.SniProvider to allow applications to specify the SNI names to send to the server.
Improved logging of SNI processing.

Signed-off-by: Simone Bordet <[email protected]>
@sbordet sbordet linked a pull request May 18, 2021 that will close this issue
Fixes #6276 - Support non-standard domains in SNI and X509. #6296
Merged
@sbordet
Copy link
Contributor Author

sbordet commented May 18, 2021

See also #5379 work done for Jetty 10.

sbordet added a commit that referenced this issue May 18, 2021
@sbordet
Issue #6276 - Support non-standard domains in SNI and X509.
4264413 
Fixed test failures on CI due to lack of IPv6 support.

Signed-off-by: Simone Bordet <[email protected]>
sbordet added a commit that referenced this issue May 19, 2021
@sbordet
Issue #6276 - Support non-standard domains in SNI and X509.
5ab4fc9 
Fixed the non-domain SNI provider to send the server host,
not the local host (doh!).
Skip X509 matching over IP addresses when the host does
not look like an IP address, to avoid reverse DNS lookup.

Signed-off-by: Simone Bordet <[email protected]>
sbordet added a commit that referenced this issue May 20, 2021
@sbordet
Issue #6276 - Support non-standard domains in SNI and X509.
f840460 
Fixed checkstyle issue.

Signed-off-by: Simone Bordet <[email protected]>
sbordet added a commit that referenced this issue May 21, 2021
@sbordet
Fixes #6276 - Support non-standard domains in SNI and X509. (#6296)
04df6d4 
* Fixes #6276 - Support non-standard domains in SNI and X509.

Backported support for IP addresses in X509 (from #5379).
Introduced SslContextFactory.Client.SniProvider to allow applications to specify the SNI names to send to the server.
Improved logging of SNI processing.
Skip X509 matching over IP addresses when the host does
not look like an IP address, to avoid reverse DNS lookup.

Signed-off-by: Simone Bordet <[email protected]>
sbordet added a commit that referenced this issue May 21, 2021
@sbordet
Fixes #6276 - Support non-standard domains in SNI and X509. (#6296)
4d45c5f 
Improved support for IP addresses in X509 (after #5379).
Introduced SslContextFactory.Client.SniProvider to allow applications to specify the SNI names to send to the server.
Improved logging of SNI processing.
Skip X509 matching over IP addresses when the host does
not look like an IP address, to avoid reverse DNS lookup.

Signed-off-by: Simone Bordet <[email protected]>
(cherry picked from commit 04df6d4)
sbordet added a commit that referenced this issue May 24, 2021
@sbordet
Issue #6276 - Support non-standard domains in SNI and X509.
aa53316 
Updates after review.

Signed-off-by: Simone Bordet <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Sponsored This issue affects a user with a commercial support agreement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes #6276 - Support non-standard domains in SNI and X509. jetty/jetty.project
1 participant
@sbordet