Bug 1251935

Summary: Preserving mechanism of original hostnames in SSLSocketImpl fails
Product: Red Hat Enterprise Linux 6 Reporter: Takeshi Nishimura <ninsho-dav-help>
Component: java-1.6.0-openjdkAssignee: Andrew John Hughes <ahughes>
Status: CLOSED ERRATA QA Contact: Lukáš Zachar <lzachar>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.6CC: ahughes, dbhole, jvanek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: java-1.6.0-openjdk-1.6.0.37-1.13.9.0.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-10 20:30:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1241965    
Bug Blocks:    
Attachments:
Description Flags
Proposed patch none

Description Takeshi Nishimura 2015-08-10 11:10:06 UTC 
Created attachment 1061012 [details]
Proposed patch

Description of problem:
As described in
https://bugs.openjdk.java.net/browse/JDK-8132662
, sslSession.getPeerHost() is broken in recent OpenJDK packages.
With my further investigation, InetAddressHolder.originalHostName is not initialized properly in various situations.

Proposed patch is attached.

Version-Release number of selected component (if applicable):
java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el5_11
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el5_11
java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6
java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1
java-1.8.0-openjdk-1.8.0.51-0.b16.el6_6
java-1.8.0-openjdk-1.8.0.51-1.b16.el7_1
Comment 1 Andrew John Hughes 2015-08-14 19:48:58 UTC 
Taking this one as it relates to the last security update.
Comment 2 Takeshi Nishimura 2015-08-21 10:52:34 UTC 
I'd like to submit this patch to JDK-8133196 but I don't know how to sign up.
Comment 3 Andrew John Hughes 2015-08-21 20:14:15 UTC 
Their bug database is weird in that it only allows those with commit access to OpenJDK to use it.

I suggest posting the patch to the net-dev mailing list:

http://mail.openjdk.java.net/mailman/listinfo/net-dev
Comment 4 Takeshi Nishimura 2015-10-17 08:27:33 UTC 
JDK-8133196 was fixed so the fix will be carried in later versions.
Comment 5 Andrew John Hughes 2015-10-22 02:27:47 UTC 
This has just now been made public:

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/64ac5b0b4b9e

Expect it to appear in the January security update.
Comment 6 Andrew John Hughes 2015-11-10 02:03:11 UTC 
This isn't specific to a particular RHEL version, so switching it to the better supported RHEL 6 series.
Comment 11 errata-xmlrpc 2016-05-10 20:30:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0788.html