commit | 87cc64fc8829860f6406b53dae64dee44d7ac2df | [log] [tgz] |
---|---|---|
author | Ryan Schmitt <rschmitt@apache.org> | Mon Jan 06 15:57:06 2020 -0800 |
committer | Ryan Schmitt <rschmitt@pobox.com> | Tue Jan 07 10:09:02 2020 -0800 |
tree | 35ae5529f3820c0b35afa67258bc7761655d2ca9 | |
parent | 3aec96d3dbbc1a167e0be376c4734d5c246e9bf3 [diff] |
DefaultHostnameVerifier: Match DNS and CN names against ICANN domains This change ensures that during hostname verification the public suffix list is only used to prevent wildcard matching against entire TLDs (e.g. `*.com`). Currently, private domains are also being matched against, which is preventing reasonable wildcards (such as `*.s3.eu-central-1.amazonaws.com`) from being respected.