[HTTPCLIENT-1097] BrowserCompatHostnameVerifier and StrictHostnameVerifier should handle wildcards in SSL certificates better - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 4.1.1
Fix Version/s: 4.1.2
Component/s: HttpClient (classic)
Labels:
None

Description

I ran into a problem with SSL wildcard certificates in the class BrowserCompatHostnameVerifier. It handles ".example.org" fine but "server.example.org" fails to work correctly. The javadoc claims that it should behave the same way as curl and FireFox. In Firefox an SSL certificate for "server*.example.org" works fine for the host "server.example.org", using HttpClient it throws an exception.

Here is an example test (JUnit4):

package org.example.hb;

import javax.net.ssl.SSLException;

import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.junit.Test;

public class BrowserCompatHostnameVerifierTest {

/**

Should not throw an exeption in the verify method.
@throws SSLException
*/
@Test
public void testVerifyStringStringArrayStringArray() throws SSLException
{
BrowserCompatHostnameVerifier hv = new BrowserCompatHostnameVerifier();
String host = "www.example.org";
String[] cns = {"www*.example.org"}
;

hv.verify(host, cns, cns);
}

}

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Hennus Bergman

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 27/May/11 20:02

Updated:: 23/Jul/11 09:58

Resolved:: 02/Jun/11 13:11