[HTTPCLIENT-2280] HostnameVerifier does not support using IP address in CN - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Invalid
Affects Version/s: 5.0.4
Fix Version/s: None
Component/s: None
Labels:
None

Description

Hi,
we are migrating from the 4.x client to 5.x and noticed that the behavior of the DefaultHostnameVerifier changed. Since ~~HTTPCLIENT-2149~~ https://github.com/apache/httpcomponents-client/pull/302 the HostnameVerifier does no longer accept certificates with an ip address in its CN and with no subject alts. Verification fails with "Certificate for <127.0.0.1> doesn't match any of the subject alternative names: []".

I know using ip addresses in the CN is not really recommended or good practice, but I also see no reason to not use the `matchCN` fallback in this case. The functionality was probably just removed by accident with ~~HTTPCLIENT-2149~~.

I will open A github PR with my proposed solution once I know the number of this issue

Attachments

Issue Links

is caused by

HTTPCLIENT-2149 DefaultHostnameVerifier should use CN matching when no dNSName present

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Yannick Dylla

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Jun/23 14:00

Updated:: 21/Jun/23 14:51

Resolved:: 21/Jun/23 14:50

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m