Bug 1251935 - Preserving mechanism of original hostnames in SSLSocketImpl fails
Preserving mechanism of original hostnames in SSLSocketImpl fails
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: java-1.6.0-openjdk (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Andrew John Hughes
Lukas Zachar
Depends On: CVE-2015-2625
  Show dependency treegraph
Reported: 2015-08-10 07:10 EDT by Takeshi Nishimura
Modified: 2016-05-10 16:30 EDT (History)
3 users (show)

See Also:
Fixed In Version: java-1.6.0-openjdk-
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-05-10 16:30:21 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Proposed patch (5.35 KB, patch)
2015-08-10 07:10 EDT, Takeshi Nishimura
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
openjdk bug system JDK-8132662 None None None Never
openjdk bug system JDK-8133196 None None None Never

  None (edit)
Description Takeshi Nishimura 2015-08-10 07:10:06 EDT
Created attachment 1061012 [details]
Proposed patch

Description of problem:
As described in
, sslSession.getPeerHost() is broken in recent OpenJDK packages.
With my further investigation, InetAddressHolder.originalHostName is not initialized properly in various situations.

Proposed patch is attached.

Version-Release number of selected component (if applicable):
Comment 1 Andrew John Hughes 2015-08-14 15:48:58 EDT
Taking this one as it relates to the last security update.
Comment 2 Takeshi Nishimura 2015-08-21 06:52:34 EDT
I'd like to submit this patch to JDK-8133196 but I don't know how to sign up.
Comment 3 Andrew John Hughes 2015-08-21 16:14:15 EDT
Their bug database is weird in that it only allows those with commit access to OpenJDK to use it.

I suggest posting the patch to the net-dev mailing list:

Comment 4 Takeshi Nishimura 2015-10-17 04:27:33 EDT
JDK-8133196 was fixed so the fix will be carried in later versions.
Comment 5 Andrew John Hughes 2015-10-21 22:27:47 EDT
This has just now been made public:


Expect it to appear in the January security update.
Comment 6 Andrew John Hughes 2015-11-09 21:03:11 EST
This isn't specific to a particular RHEL version, so switching it to the better supported RHEL 6 series.
Comment 11 errata-xmlrpc 2016-05-10 16:30:21 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.