[
https://issues.apache.org/jira/browse/HTTPCLIENT-1410?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski resolved HTTPCLIENT-1410.
-------------------------------------------
Resolution: Fixed
Fix Version/s: 4.3.1
The fact that browsers do or do not do certain things does not prove or disprove
anything. Browsers are known to do crazy stuff in order to maximize
compatibility with all sorts of dodgy sites out there.
Anyhow I removed the check from the browser compatible verifier, which should
resolve Sidney's problem. The behavior of the strict verifier will remain the
same.
Ideas on how to improve the check are welcome. Maintaining a simple list of
country specific top level domains might be the easiest to implement.
Please review / re-test
Oleg
> AbstractVerifier.acceptableCountryWildcard check not strict enough
> ------------------------------------------------------------------
>
> Key: HTTPCLIENT-1410
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1410
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpClient
> Affects Versions: 4.3 Final
> Reporter: Sidney Beekhoven
> Priority: Minor
> Fix For: 4.3.1
>
>
> I work at a company called info.nl in the Netherlands, so our domain is
> info.nl. We have a wildcard certificate in use for several services,
> *.info.nl.
> The AbstractVerifier has a method acceptableCountryWildcard which checks that
> you don't use e.g. *.co.uk as the wildcard in the certificate. The second to
> last domain part is checked against a fixed list, which includes info so our
> wildcard is not accepted.
> Apparently there are some countries where info.<countrycode> is seen as a top
> level domain but that is not the case for the Netherlands. So the check on
> this is not strict enough and should also take into account the top level
> domain.
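
An added illustration (not HttpClient's code and not part of the original message): the check as the report describes it, next to a variant that keys the blocked second-level labels on the country code, as the thread suggests. The class name, both label tables and the fallback for unlisted country codes are assumptions constructed for this example.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class CountryWildcardCheck {
    // Constructed sample of generic second-level labels (assumption, not the library's list).
    static final Set<String> GENERIC_2LDS =
        Set.of("ac", "co", "com", "edu", "gov", "info", "net", "org");

    // Constructed sample: registry-controlled second-level labels per country code.
    // An empty set means registrations happen directly under the country code.
    static final Map<String, Set<String>> REGISTRY_2LDS = Map.of(
        "nl", Set.of(),
        "uk", Set.of("ac", "co", "gov", "org"),
        "jp", Set.of("ac", "co", "go", "ne", "or"),
        "pl", Set.of("com", "info", "net", "org"));

    // Check as described in the report: any two-letter TLD is treated the same,
    // so the second-level label alone decides.
    static boolean acceptableIgnoringTld(String cn) {
        String[] p = cn.toLowerCase(Locale.ROOT).split("\\.");
        if (p.length != 3 || p[2].length() != 2) {
            return true; // not of the form *.<label>.<cc>
        }
        return !GENERIC_2LDS.contains(p[1]);
    }

    // Variant that takes the country code into account. Country codes missing
    // from the table fall back to the generic list, so an incomplete table
    // fails closed instead of accepting *.co.<unknown cc>.
    static boolean acceptablePerCountry(String cn) {
        String[] p = cn.toLowerCase(Locale.ROOT).split("\\.");
        if (p.length != 3 || p[2].length() != 2) {
            return true;
        }
        Set<String> blocked = REGISTRY_2LDS.getOrDefault(p[2], GENERIC_2LDS);
        return !blocked.contains(p[1]);
    }

    public static void main(String[] args) {
        // Constructed sample wildcard names; "zz" stands for an unlisted country code.
        for (String cn : List.of("*.info.nl", "*.co.uk", "*.info.pl", "*.co.zz")) {
            System.out.printf("%-10s ignoringTld=%-5b perCountry=%b%n",
                cn, acceptableIgnoringTld(cn), acceptablePerCountry(cn));
        }
    }
}
```

Only `*.info.nl` changes from rejected to accepted between the two methods; `*.co.uk`, `*.info.pl` and the unlisted `*.co.zz` stay rejected.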