Description
As part of KNOX-1912, there has been some modification that added DNSName values for localhost even if the hostname evaluated to 127.0.0.1. However, due to RFC-1034, this is not allowed. On the other hand, newer RFCs (e.g. RFC 2181, RFC 1123) are relaxing these restrictions. Oracle claimed they fixed it in JDK 8 u212 (https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8213952) but it does not seem to be the case.
As a result, neither the build finishes successfully nor the gateway starts as expected due to the same DNSName issue (IOException: DNSName components must begin with a letter).
Recommended solution: only add the evaluated localhost address if it starts with a letter.
Attachments
Issue Links
- is caused by
-
KNOX-1912 X509CertificateUtil should set CN and SAN
- Closed
- links to