HttpComponents HttpClient / HTTPCLIENT-2058

DefaultHostnameVerifier does not verify local DNS names


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 4.5.11

    Description

      This seems to be a problem that was introduced in 4.5.11. DefaultHostnameVerifier does not verify local DNS names anymore and throws the following error for one of our certs. The same code works fine in 4.5.10.

      Certificate for <app-uat.le.dp.xyz.local> doesn't match any of the subject alternative names: [app-uat.le.dp.xyz.local, C1234.LE.DP.XYZ.LOCAL] executing POST https://app-uat.le.dp.xyz.local:8443/someurl 

      I traced the issue down to org.apache.http.conn.ssl.DefaultHostnameVerifier#matchIdentity line 204, where publicSuffixMatcher.getDomainRoot(identity, domainType) returns null for app-uat.le.dp.xyz.local, whereas in version 4.5.10 it returns "local".

      The attached Maven project has a unit test that uses a self-signed cert to exhibit the problem. I've included both the cert and the file that I used to create the cert.

      Attachments

        1. httpcomponentsbug.zip
          12 kB
          Farzad Kohantorabi
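
      A simplified model of the failure the report describes, added here as an example; it is not HttpClient source or the reporter's attached test. The rule set, class and method names are constructed, and the gate-before-compare ordering is an assumption based on the trace in the description.

```java
import java.util.*;

// Simplified model (an assumption, not HttpClient source) of a hostname
// verifier that consults a public-suffix lookup before comparing names.
public class SuffixGateDemo {
    // Constructed rule set standing in for the public suffix list.
    static final Set<String> RULES = new HashSet<>(Arrays.asList("com", "org", "co.uk"));

    // Returns the registrable domain (matched suffix plus one label).
    // When no rule matches: the last label if fallback is true (the value the
    // report saw in 4.5.10), otherwise null (the value it saw in 4.5.11).
    static String domainRoot(String name, boolean fallback) {
        String[] labels = name.toLowerCase(Locale.ROOT).split("\\.");
        // Scan from the longest candidate suffix to the shortest.
        for (int i = 1; i < labels.length; i++) {
            String suffix = String.join(".", Arrays.copyOfRange(labels, i, labels.length));
            if (RULES.contains(suffix)) {
                return labels[i - 1] + "." + suffix;
            }
        }
        return fallback ? labels[labels.length - 1] : null;
    }

    // Gate first, then a case-insensitive exact comparison (no wildcards here).
    static boolean matches(String host, String san, boolean fallback) {
        if (domainRoot(san, fallback) == null) {
            return false; // rejected before the names are ever compared
        }
        return host.equalsIgnoreCase(san);
    }

    static boolean verify(String host, List<String> sans, boolean fallback) {
        for (String san : sans) {
            if (matches(host, san, fallback)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        String host = "app-uat.le.dp.xyz.local";
        List<String> sans = Arrays.asList("app-uat.le.dp.xyz.local", "C1234.LE.DP.XYZ.LOCAL");
        System.out.println("root with fallback:   " + domainRoot(host, true));
        System.out.println("root without:         " + domainRoot(host, false));
        System.out.println("verify with fallback: " + verify(host, sans, true));
        System.out.println("verify without:       " + verify(host, sans, false));
    }
}
```

      In the model, the SAN list contains the exact hostname in both runs; only the lookup's answer for an unlisted suffix changes the outcome, which is why the error message lists a name identical to the one being checked.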


            People

              Assignee: Unassigned
              Reporter: Farzad Kohantorabi (fkohant)