Commons Net / NET-579

SSL/TLS SocketClients do not verify the hostname against the certificate

Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.3
    • Fix Version/s: 3.4
    • Component/s: FTP, IMAP, POP3, SMTP
    • Environment: Java 1.7 (earlier versions cannot verify the hostname)

    • Patch

    Description

      Every subclass of SocketClient that does SSL/TLS will never verify the hostname of the server against the certificate. This means that any valid certificate for any CA in the default trust store will be accepted without error.

      SocketClient should be modified to store the hostname, and SMTPSClient/FTPSClient/IMAPSClient/POP3SClient should use it when negotiating SSL/TLS.

      Java 1.7 has support for verifying the hostname if SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") is used.

      Attachments

        1. NET-579_2.patch
          24 kB
          Simon Arlott
        2. NET-579.patch
          7 kB
          Simon Arlott
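
The approach the description proposes, as an added example (this is not the attached patch and not Commons Net code): keep the hostname the caller asked for, pass it to the TLS layer, and turn on endpoint identification before the handshake. The class name `HostnameCheckedTls` and its methods are hypothetical; only the JSSE calls are real API.

```java
import java.io.IOException;
import java.net.Socket;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Added illustration; class and method names are hypothetical, not Commons Net API. */
public class HostnameCheckedTls {

    /**
     * Upgrades an already-connected plain socket to TLS (as a STARTTLS / AUTH TLS
     * client does) and makes JSSE check the certificate against hostname.
     */
    static SSLSocket upgrade(Socket plain, String hostname, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // Pass the name the user asked for, not the resolved address: the
        // identity check compares the certificate against this string.
        SSLSocket tls = (SSLSocket) factory.createSocket(plain, hostname, port, true);
        tls.setUseClientMode(true);
        tls.setSSLParameters(withEndpointCheck(tls.getSSLParameters()));
        // With the check enabled, the handshake throws SSLHandshakeException when
        // the certificate's subjectAltName / CN does not match hostname.
        tls.startHandshake();
        return tls;
    }

    /** Without this setting, only the chain to a trusted CA is validated. */
    static SSLParameters withEndpointCheck(SSLParameters params) {
        params.setEndpointIdentificationAlgorithm("HTTPS"); // available from Java 7
        return params;
    }

    public static void main(String[] args) throws Exception {
        // Offline: compare the JSSE default with the hardened parameters.
        SSLParameters defaults = SSLContext.getDefault().getDefaultSSLParameters();
        System.out.println("default:  " + defaults.getEndpointIdentificationAlgorithm());
        System.out.println("hardened: "
                + withEndpointCheck(defaults).getEndpointIdentificationAlgorithm());
        if (args.length == 2) { // optional live check: <host> <implicit-TLS port>
            int port = Integer.parseInt(args[1]);
            try (SSLSocket s = upgrade(new Socket(args[0], port), args[0], port)) {
                System.out.println("verified peer: " + s.getSession().getPeerPrincipal());
            }
        }
    }
}
```
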

          People

            Assignee: Unassigned
            Reporter: Simon Arlott (simonarlott)

              Time Tracking

                Original Estimate: 2h
                Remaining Estimate: 2h
                Time Spent: Not Specified