From 3418d05208c64a024e5843bf691cfedc4419829c Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Thu, 20 Feb 2020 14:35:32 +0100
Subject: Use 'localhost' for TLS hostname validation if spec uses wildcard address
---
 jrt/src/com/yahoo/jrt/TlsCryptoEngine.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'jrt/src')
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
index a363bf52155..a140e87713c 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
@@ -21,7 +21,8 @@ public class TlsCryptoEngine implements CryptoEngine {
 @Override
 public TlsCryptoSocket createClientCryptoSocket(SocketChannel channel, Spec spec) {
- SSLEngine sslEngine = tlsContext.createSslEngine(spec.host(), spec.port());
+ String peerHost = spec.host() != null ? spec.host() : "localhost"; // Use localhost for wildcard address
+ SSLEngine sslEngine = tlsContext.createSslEngine(peerHost, spec.port());
 sslEngine.setUseClientMode(true);
 return new TlsCryptoSocket(channel, sslEngine);
 }
-- cgit v1.2.3
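Review bot: The `peerHost` fallback in createClientCryptoSocket makes every host-less spec validate the peer certificate against the fixed name `localhost`, so for those connections the identity check is only as strong as the set of trusted certificates that carry a `localhost` subject alternative name. The short trailing comment does not record that trade-off; I would replace it with a comment above the line such as `// Spec without a host targets the local node: validate the peer certificate against 'localhost', so the certificate must list it as a SAN`. The guard covers only `null`; whether `Spec.host()` can also return an empty string is not visible in this hunk, and if it can, `spec.host() != null && !spec.host().isEmpty()` would route it to the same fallback. Whether hostname validation is enforced at all depends on how `tlsContext` configures the engine, which lies outside this change.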