[
https://issues.apache.org/jira/browse/HTTPCLIENT-1051?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski updated HTTPCLIENT-1051:
------------------------------------------
Priority: Minor (was: Blocker)
I am not able to reproduce the problem. SSL connections to remote peers pass
the default host name verification.
---
executing requestGET https://www.verisign.com/ HTTP/1.1
[DEBUG] SingleClientConnManager - Get connection for route
HttpRoute[{s}->https://www.verisign.com]
[DEBUG] DefaultClientConnectionOperator - Connecting to
www.verisign.com/69.58.181.89:443
[DEBUG] RequestAddCookies - CookieSpec selected: best-match
[DEBUG] DefaultHttpClient - Attempt 1 to execute request
[DEBUG] DefaultClientConnection - Sending request: GET / HTTP/1.1
[DEBUG] headers - >> GET / HTTP/1.1
[DEBUG] headers - >> Host: www.verisign.com
[DEBUG] headers - >> Connection: Keep-Alive
[DEBUG] headers - >> User-Agent: Apache-HttpClient/4.1 (java 1.5)
[DEBUG] DefaultClientConnection - Receiving response: HTTP/1.1 200 OK
[DEBUG] headers - << HTTP/1.1 200 OK
[DEBUG] headers - << Date: Thu, 03 Feb 2011 20:14:35 GMT
[DEBUG] headers - << Server: Apache
[DEBUG] headers - << Set-Cookie: v1st=D732270AE4FC9F76; path=/; expires=Wed, 19
Feb 2020 14:28:00 GMT; domain=.verisign.com
[DEBUG] headers - << Set-Cookie: v1st=D732270AE4FC9F76; path=/; expires=Wed, 19
Feb 2020 14:28:00 GMT; domain=.verisign.com
[DEBUG] headers - << X-Powered-By: PHP/5.2.13
[DEBUG] headers - << Keep-Alive: timeout=5, max=100
[DEBUG] headers - << Connection: Keep-Alive
[DEBUG] headers - << Transfer-Encoding: chunked
[DEBUG] headers - << Content-Type: text/html
[DEBUG] ResponseProcessCookies - Cookie accepted: "[version: 0][name:
v1st][value: D732270AE4FC9F76][domain: .verisign.com][path: /][expiry: Wed Feb
19 15:28:00 GMT+01:00 2020]".
[DEBUG] ResponseProcessCookies - Cookie accepted: "[version: 0][name:
v1st][value: D732270AE4FC9F76][domain: .verisign.com][path: /][expiry: Wed Feb
19 15:28:00 GMT+01:00 2020]".
[DEBUG] DefaultHttpClient - Connection can be kept alive for 5000 MILLISECONDS
----------------------------------------
HTTP/1.1 200 OK
Response content length: -1
[DEBUG] SingleClientConnManager - Releasing connection
org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@15ad5c6
[DEBUG] DefaultClientConnection - Connection shut down
---
Are you using a custom SSL socket factory by any chance? Does it implement the
LayeredSchemeSocketFactory interface?
Oleg
> SSL connections cannot be established using resolvable IP address
> -----------------------------------------------------------------
>
> Key: HTTPCLIENT-1051
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1051
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpConn
> Affects Versions: 4.1 Final
> Reporter: Alex Dupre
> Priority: Minor
>
> HttpClient 4.1 introduced a regression in establishing SSL connections to
> remote peers (it seems this is a common regression for major httpclient
> updates, see HTTPCLIENT-803).
> The new SSLSocketFactory.connectSocket method calls the X509HostnameVerifier
> with InetSocketAddress.getHostName() parameter. When the selected IP address
> has a reverse lookup name, the verifier is called with the resolved name, and
> so the IP check fails.
> 4.0 release checked for original ip/hostname, but this cannot be done with
> the new connectSocket() method.
> The TestHostnameVerifier.java only checks 127.0.0.1/.2 and so masked the
> issue, because the matching certificate has both "localhost" and "127.0.0.1",
> but actually only "localhost" is matched. A test case with 8.8.8.8 would be
> better.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
