[HTTPCLIENT-613] https should check CN of x509 cert - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0 Alpha 1
Component/s: HttpClient (classic)
Labels:
None

Description

https should check CN of x509 cert

Since we're essentially rolling our own "HttpsURLConnection", the checking provided by "javax.net.ssl.HostnameVerifier" is no longer in place.

I have a patch I'm about to attach which caused both createSocket() methods on o.a.h.conn.ssl.SSLSocketFactory to blowup:

test1: javax.net.ssl.SSLException: hostname in certificate didn't match: <vancity.com> != <www.vancity.com>
test2: javax.net.ssl.SSLException: hostname in certificate didn't match: <vancity.com> != <www.vancity.com>

Hopefully people agree that this is desirable.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SSLSocketFactory.patch
06/Dec/06 04:29
5 kB
Julius Davies
SSLSocketFactory_improved.patch
08/Dec/06 01:43
7 kB
Julius Davies
SSLSocketFactory_best.patch
08/Dec/06 03:13
8 kB
Julius Davies

Activity

People

Assignee:: Unassigned

Reporter:: Julius Davies

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 06/Dec/06 04:26

Updated:: 28/Jul/14 13:24

Resolved:: 08/Dec/06 16:05