Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1698

Hostname verification fails when using URL with literal IPv6 address

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 4.4.1
    • 5.0 Alpha1
    • HttpClient (classic)
    • None

    Description

      Repro steps:

      1. Set up an HTTPS server with proper certificates (with the IPv6 address as a subject alternative name)
      2. Set up HttpClient with the DefaultHostnameVerifier
      3. Try to contact the server using the IPv6 address (in square brackets in accordance with RFC 2732) in the URL, something like: https://[2001:db8::2:1]:443/example

      Result:
      An SSLPeerUnverifiedException (note the square brackets):

       
Host name '[2001:db8::2:1]' does not match the certificate subject provided by the peer <redacted>

      Expected:
      The hostname verification to work (org.apache.http.conn.ssl.SSLConnectionSocketFactory should feed just the IP address, without square brackets, to the HostnameVerifier).

      Attachments

        Activity

          People

            Unassigned Unassigned
            jensborgland Jens Borgland
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: