Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Duplicate
-
4.4.1
-
None
Description
The "maps.googleapis.com" server currently presents the following certificate:
chain [0] = [ [ Version: V3 Subject: CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 2048 bits modulus: 24603438786799829993648986678019724241291765107767178256438229769255639603630079287976600644587296195855281469059079095367693219326954103920400266180383714041264052001835821459859979062309981001645460419612216568125600250057216485831813121470478703938651527074889693548670323978511118184793624149312062021697081807052679954878936237623840471166038329237994080148923456402909798064024275285184248122957449662230743505636400659699969523942248493865256228640211859299202173559659130845208610068933123027284385426267851138391278103759929777510485659786801300351957512079336462523079107001753896874655730331898039986696973 public exponent: 65537 Validity: [From: Wed May 06 02:59:24 PDT 2015, To: Mon Aug 03 17:00:00 PDT 2015] Issuer: CN=Google Internet Authority G2, O=Google Inc, C=US SerialNumber: [ 61dbc852 b477cf78] Certificate Extensions: 8 ... [7]: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ DNSName: *.storage.googleapis.com DNSName: *.commondatastorage.googleapis.com DNSName: *.googleapis.com ]
The "googleapis.com" name is in the "mozilla/public-suffix-list.txt" file which is used by the PublicSuffixMatcher class to help parse DNS names.
As the following test case demonstrates, this causes validation of the Google certificate to fail:
@Test public void testGoogleSubjectAlternativeNames() throws Exception { DefaultHostnameVerifier.matchDNSName("maps.googleapis.com", Arrays.asList( "*.storage.googleapis.com", "*.commondatastorage.googleapis.com", "*.googleapis.com"), new PublicSuffixMatcher(Collections.singleton("googleapis.com"), Collections.<String>emptySet())); }
This is a serious regression as it prevents secure connections to Google APIs.
Attachments
Issue Links
- duplicates
-
HTTPCLIENT-1613 Support for so called 'private' domains in Mozilla Public Suffix List
- Closed