  1. HttpComponents HttpClient
  2. HTTPCLIENT-1636

Regression: hostname verification fails when it shouldn't

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 4.4 Final
    • Fix Version/s: 4.5
    • Component/s: HttpClient (classic)
    • Labels: None

    Description

      I tried to use HttpClient to download this file:
      https://github.com/activescott/lessmsi/releases/download/v1.2.0/lessmsi-v1.2.0.zip

      My browser and other tools have no problem with it. HttpClient 4.3.6 is also fine, but 4.4 fails with this exception:

      javax.net.ssl.SSLPeerUnverifiedException: Host name 's3.amazonaws.com' does not match the certificate subject provided by the peer (CN=s3.amazonaws.com, O=Amazon.com Inc., L=Seattle, ST=Washington, C=US)
      	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:466)
      	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
      	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:354)
      	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
      	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
      	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
      	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
      	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
      	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
      	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
      	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
      	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
      	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
      	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
      	at org.apache.http.client.fluent.Request.execute(Request.java:151)
      	at com.sg.maven.relpkg.UnpackUtil.unpackJDK(UnpackUtil.java:55)
      	at com.sg.maven.relpkg.ReleasePackageBuilder.build(ReleasePackageBuilder.java:151)
      	at com.sg.maven.relpkg.Main.main(Main.java:84)
      

            People

              Assignee: Unassigned
              Reporter: Richard DiCroce (rcd)