Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
4.5.11
-
None
-
None
-
None
Description
This seems to be a problem that's introduced in 4.5.11. DefaultHostnameVerifier does not verify local DNS names anymore and throws the following error for one of our certs. The same code works fine in 4.5.10.
Certificate for <app-uat.le.dp.xyz.local> doesn't match any of the subject alternative names: [app-uat.le.dp.xyz.local, C1234.LE.DP.XYZ.LOCAL] executing POST https://app-uat.le.dp.xyz.local:8443/someurl
I traced the issue down to org.apache.http.conn.ssl.DefaultHostnameVerifier#matchIdentity line 204 where publicSuffixMatcher.getDomainRoot(identity, domainType) returns null for app-uat.le.dp.xyz.local where as in version 4.5.10 it returns "local".
Attached maven project has a unit test that uses a self signed cert to exhibit the problem. I've included both the cert and the file that I used to create the cert.
Attachments
Attachments
Issue Links
- duplicates
-
HTTPCLIENT-2047 Regression in default HTTP Client construction for non-public hostnames
- Resolved