Verify peer hostname against peer certificate of the SSL session.
This method verifies the CommonName attribute of the peer certificate's
SubjectDN or the DNSNames of the peer certificate's SubjectAlternativeNames
extension against the urlhostname. The certificate attribute must
(case insensitively) match the urlhostname.
The SubjectDN CommonName attribute is verified first, and if successful,
the SubjectAlternativeNames attributes are not verified. If the peer certificate
doesn't have a SubjectDN, or the SubjectDN doesn't have a CommonName attribute,
then the SubjectAlternativeName attributes of type DNSNames are compared to the
urlhostname. The first successful comparison to a DNSName causes this method
to return true without comparing any other DNSNames.
To verify successfully the url hostname must be case-insensitively equal to the
certificate attribute being compared.
Alternatively, this method will return true if one of the following
- the SSL session's peer certificate is a WebLogic Demo certificate
- the SSL session's peer certificate's SubjectDN CommonName attribute is equal to
the local machine's hostname AND the local machine's hostname or ip address
matches the urlhostname parameter.
- the urlhostname parameter can be verified to be a loopback address or the local hostname.
- the SSL session's peer certificate is an Oracle Key Store Service (KSS)
Demo certificate for the current Weblogic Server domain and Weblogic Server is
enabled to use KSS Demo certificates.