diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-02-20 14:35:32 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-02-20 14:35:32 +0100 |
commit | 3418d05208c64a024e5843bf691cfedc4419829c (patch) | |
tree | 26b5edba4ed8076b71737450539e88cdf5172137 /jrt/src | |
parent | 8b5de98db88a3e463fad6273c9622573c19d6fc6 (diff) |
Use 'localhost' for TLS hostname validation if spec uses wildcard address
Diffstat (limited to 'jrt/src')
-rw-r--r-- | jrt/src/com/yahoo/jrt/TlsCryptoEngine.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java index a363bf52155..a140e87713c 100644 --- a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java +++ b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java @@ -21,7 +21,8 @@ public class TlsCryptoEngine implements CryptoEngine { @Override public TlsCryptoSocket createClientCryptoSocket(SocketChannel channel, Spec spec) { - SSLEngine sslEngine = tlsContext.createSslEngine(spec.host(), spec.port()); + String peerHost = spec.host() != null ? spec.host() : "localhost"; // Use localhost for wildcard address + SSLEngine sslEngine = tlsContext.createSslEngine(peerHost, spec.port()); sslEngine.setUseClientMode(true); return new TlsCryptoSocket(channel, sslEngine); } |