Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-613

https should check CN of x509 cert

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • None
    • 4.0 Alpha 1
    • HttpClient (classic)
    • None

    Description

      https should check CN of x509 cert

      Since we're essentially rolling our own "HttpsURLConnection", the checking provided by "javax.net.ssl.HostnameVerifier" is no longer in place.

      I have a patch I'm about to attach which caused both createSocket() methods on o.a.h.conn.ssl.SSLSocketFactory to blowup:

      test1: javax.net.ssl.SSLException: hostname in certificate didn't match: <vancity.com> != <www.vancity.com>
      test2: javax.net.ssl.SSLException: hostname in certificate didn't match: <vancity.com> != <www.vancity.com>

      Hopefully people agree that this is desirable.

      Attachments

        1. SSLSocketFactory.patch
          5 kB
          Julius Davies
        2. SSLSocketFactory_improved.patch
          7 kB
          Julius Davies
        3. SSLSocketFactory_best.patch
          8 kB
          Julius Davies

        Activity

          People

            Unassigned Unassigned
            juliusdavies Julius Davies
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: