Correct usage of hostName and cannonicalHostName in certificates to ensure the SSL certificates validate on Linux

2024-12-19 13:08:04 +00:00 · 2016-07-22 14:23:17 +01:00 · 2016-07-22 14:23:17 +01:00 · c7bc5ae652
commit c7bc5ae652
parent 00f897d58d
2 changed files with 3 additions and 3 deletions
--- a/core/src/main/kotlin/com/r3corda/core/crypto/X509Utilities.kt
+++ b/core/src/main/kotlin/com/r3corda/core/crypto/X509Utilities.kt
@ -522,7 +522,7 @@ object X509Utilities {
        val serverCert = X509Utilities.createServerCert(subject,
                serverKey.public,
                intermediateCA,
-                listOf(),
+                if(host.canonicalHostName == host.hostName) listOf() else listOf(host.hostName),
                listOf(host.hostAddress))

        val keypass = keyPassword.toCharArray()
--- a/core/src/test/kotlin/com/r3corda/core/crypto/X509UtilitiesTest.kt
+++ b/core/src/test/kotlin/com/r3corda/core/crypto/X509UtilitiesTest.kt
@ -162,7 +162,7 @@ class X509UtilitiesTest {
        serverCertAndKey.certificate.verify(caCertAndKey.certificate.publicKey)
        val host = InetAddress.getLocalHost()

-        assertTrue { serverCertAndKey.certificate.subjectDN.name.contains("CN=" + host.hostName) }
+        assertTrue { serverCertAndKey.certificate.subjectDN.name.contains("CN=" + host.canonicalHostName) }

        // Now sign something with private key and verify against certificate public key
        val testData = "123456".toByteArray()
@ -261,7 +261,7 @@ class X509UtilitiesTest {
        val peerX500Principal = (peerChain[0] as X509Certificate).subjectX500Principal
        val x500name = X500Name(peerX500Principal.name)
        val cn = x500name.getRDNs(BCStyle.CN).first().first.value.toString()
-        val hostname = InetAddress.getLocalHost().hostName
+        val hostname = InetAddress.getLocalHost().canonicalHostName
        assertEquals(hostname, cn)