Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8415

DefaultHostnameVerifier fails with HttpCore NIO

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.4.1
    • 3.5.0, 3.4.3, 3.3.10
    • None
    • None

    • CXF version 3.4.1
      httpcore-nio version 4.4.13
      httpasyncclient version 4.1.4

    • Unknown

    Description

      DefaultHostnameVerifier throws RuntimeException causing the IOReactor in HttpCore NIO to die. I have registered an issue on Apache HttpCore NIO HTTPCORE-660, but I really think this should be fixed in CXF.

      Please not that the line in question was changed from returning false to throwing RuntimeException as part of CXF-7876. But, maybe a better approach would be to not catch the SSLException. This will not kill the IOReactor in HttpCore NIO.

      Steps to reproduce

      1. Configure CXF to use asynchronous client http transport
      2. Test towards a server having a certificate with non-matching host (for instance wrong.host.badssl.com)

      Attachments

        Issue Links

          is duplicated by

          Improvement - An improvement or enhancement to an existing feature or task. CXF-8437 DefaultHostnameVerifier accepts any certificate as valid which is a secure issue

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              ffang Freeman Yue Fang
              pibakke Per-Ivar Bakke
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: