[
https://issues.apache.org/jira/browse/HTTPCLIENT-1119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13579247#comment-13579247
]
John Vasileff commented on HTTPCLIENT-1119:
-------------------------------------------
Oleg, thanks, it's good to know that there is an easy work around for
developers using the library.
But that doesn't really help users of all of the apps that use the library. It
is unrealistic, even for a developer, to patch or run custom builds of all apps
that use HttpClient.
I'm sure developers of the numerous apps using HttpClient are mostly not aware
of SNI issues. Even for the ones that are, requiring Java 7 or including a bit
of ugliness and the work involved is being pushed down to thousands of apps
rather than being addressed in one place.
If this affects a fair number of Android apps, I'd have to agree with Josef
that this is a huge issue. In my quick research after trying to deploy some
internal SNI https sites, it seems most major platforms newer than Windows XP
support SNI today. IP addresses are harder and harder to come by, and it sure
would be nice to be able to use SNI.
John
p.s. - I came across this issue when trying to deploy a maven repository behind
SNI/https.
> Server Name Indication (SNI) Support
> ------------------------------------
>
> Key: HTTPCLIENT-1119
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpClient
> Reporter: Gus Power
> Labels: sni, ssl, tls, vhost
> Fix For: Future
>
> Attachments:
> HTTPCLIENT-1119-support-SNI-on-Java-7-via-setHost-of.patch
>
>
> Provide support for Server Name Indication (SNI) support as per RFC 3546
> (section 3.1).
> Currently attempting to connect to SNI enabled host 'expectedhost' over SSL
> using http client results in an SSLException similar to:
> javax.net.ssl.SSLException: hostname in certificate didn't match:
> <expectedhost> != <defaulthost>
> at
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
> We use SNI on some of our environments and were trying to use httpclient to
> automatically test host access and availability.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
