Use 'localhost' for TLS hostname validation if spec uses wildcard address

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-02-20 14:35:32 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-02-20 14:35:32 +0100
commit: 3418d05208c64a024e5843bf691cfedc4419829c (patch)
tree: 26b5edba4ed8076b71737450539e88cdf5172137 /jrt
parent: 8b5de98db88a3e463fad6273c9622573c19d6fc6 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
index a363bf52155..a140e87713c 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
@@ -21,7 +21,8 @@ public class TlsCryptoEngine implements CryptoEngine {
 
     @Override
     public TlsCryptoSocket createClientCryptoSocket(SocketChannel channel, Spec spec)  {
-        SSLEngine sslEngine = tlsContext.createSslEngine(spec.host(), spec.port());
+        String peerHost = spec.host() != null ? spec.host() : "localhost"; // Use localhost for wildcard address
+        SSLEngine sslEngine = tlsContext.createSslEngine(peerHost, spec.port());
         sslEngine.setUseClientMode(true);
         return new TlsCryptoSocket(channel, sslEngine);
     }
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-02-20 14:35:32 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-02-20 14:35:32 +0100
commit	3418d05208c64a024e5843bf691cfedc4419829c (patch)
tree	26b5edba4ed8076b71737450539e88cdf5172137 /jrt
parent	8b5de98db88a3e463fad6273c9622573c19d6fc6 (diff)