[
https://issues.apache.org/jira/browse/HTTPCLIENT-1410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13784120#comment-13784120
]
Sidney Beekhoven commented on HTTPCLIENT-1410:
----------------------------------------------
Perhaps the only correct way to do this is by using a list like
http://publicsuffix.org/list/, with the disadvantage that that list gets
outdated if you include it in the jar(s).
> AbstractVerifier.acceptableCountryWildcard check not strict enough
> ------------------------------------------------------------------
>
> Key: HTTPCLIENT-1410
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1410
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.3 Final
> Reporter: Sidney Beekhoven
>
> I work at a company called info.nl in the Netherlands, so our domain is
> info.nl. We have a wildcard certificate in use for several services,
> *.info.nl.
> The AbstractVerifier has a method acceptableCountryWildcard which checks that
> you don't use eg *.co.uk as the wildcard in the certificate. The second to
> last domain part is checked against a fixed list, which includes info so our
> wildcard is not accepted.
> Apparantly there are some countries where info.<countrycode> is seen as a top
> level domain but that is not the case for the netherlands. So the check on
> this is not strict enough and should also take into account the top level
> domain.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
