[
https://issues.apache.org/jira/browse/HTTPCLIENT-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski resolved HTTPCLIENT-1316.
-------------------------------------------
Resolution: Fixed
Fix Version/s: (was: Future)
4.3 Alpha2
> Certificate verification rejects IPv6 addresses which are not String-equal
> --------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1316
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1316
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpConn
> Affects Versions: 4.2.3
> Reporter: James Livingston
> Fix For: 4.3 Alpha2
>
> Attachments: HTTPCLIENT-1316.patch
>
>
> org.apache.http.conn.ssl.AbstractVerifier.verify() does not correctly handle
> host name verification when IPv6 addresses are used, as it simply does a
> string equality check when doWildcard is false.
> http://tools.ietf.org/html/rfc5952#section-3.2.5 specifically mentions X.509
> certificates as an example when textual comparison of IPv6 addresses is not
> correct. Examples of incorrect behaviour are with:
> * leading zeroes
> * zero compression
> * case insensitivity
> For example if you have a SSL certificate for the IP address
> 2001:0db8:aaaa:bbbb:cccc:0:0:0001, the alternative representation of
> 2001:db8:AAAA:bbbb:cccc::1 should be accepted as a match.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
