aboutsummaryrefslogtreecommitdiffstats
path: root/jrt
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@verizonmedia.com>2020-02-20 14:35:32 +0100
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2020-02-20 14:35:32 +0100
commit3418d05208c64a024e5843bf691cfedc4419829c (patch)
tree26b5edba4ed8076b71737450539e88cdf5172137 /jrt
parent8b5de98db88a3e463fad6273c9622573c19d6fc6 (diff)
Use 'localhost' for TLS hostname validation if spec uses wildcard address
Diffstat (limited to 'jrt')
-rw-r--r--jrt/src/com/yahoo/jrt/TlsCryptoEngine.java3
1 files changed, 2 insertions, 1 deletions
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
index a363bf52155..a140e87713c 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
@@ -21,7 +21,8 @@ public class TlsCryptoEngine implements CryptoEngine {
@Override
public TlsCryptoSocket createClientCryptoSocket(SocketChannel channel, Spec spec) {
- SSLEngine sslEngine = tlsContext.createSslEngine(spec.host(), spec.port());
+ String peerHost = spec.host() != null ? spec.host() : "localhost"; // Use localhost for wildcard address
+ SSLEngine sslEngine = tlsContext.createSslEngine(peerHost, spec.port());
sslEngine.setUseClientMode(true);
return new TlsCryptoSocket(channel, sslEngine);
}