On Thu, 2014-08-21 at 17:50 +0200, Dirk-Willem van Gulik wrote:
> On 21 Aug 2014, at 15:26, Oleg Kalnichevski <[email protected]> wrote:
>
> > I have pretty much completely rewritten every bit of code related to
> > hostname verification in SVN trunk.
> >
> > https://github.com/apache/httpclient/tree/268d6cc113b305addc4a31a70bd7c3b6d545e337/httpclient/src/main/java/org/apache/http/conn/ssl
> >
> > I would truly appreciate someone doing a peer review of the changes
> > and / or giving me feedback with regards to further improvements.
>
> Looks good. Couple of thoughts
>

Continued.

> - BAD_COUNTRY_2LDS, BAD_COUNTRY_WILDCARD_PATTERN
>
> My guess is that longer term you will get too many specials - and the end
> game is parsing something like https://publicsuffix.org/ and specifically
>

Would you recommend the file be retrieved at runtime dynamically or
shipped with the application as a static resource (and updated with
every public release)?

> about evil regexes slipping in (e.g. ReDoS); and then causing some sort of
> exhaustion*.
>
> - countDots function
>
> Prolly no longer used.
>

Not needed and should have never been a part of public APIs in the first
place but we need to keep it for full backward compatibility.

Thank you once again.

Oleg
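The public-suffix approach raised in the thread, as an added example that is not part of the original messages and not HttpClient code: a wildcard certificate name is checked against rules in the publicsuffix.org syntax (plain, `*.` wildcard and `!` exception rules) using set lookups instead of hand-maintained regex patterns. The class and method names are hypothetical, the rule lines are constructed samples, and only a `*` that forms the whole left-most label is supported.

```java
import java.util.*;

// Added illustration, not HttpClient code; class and method names are hypothetical.
public class WildcardSuffixCheck {
    private final Set<String> rules = new HashSet<>();
    private final Set<String> wildcards = new HashSet<>();  // "*.ck" stored as "ck"
    private final Set<String> exceptions = new HashSet<>(); // "!www.ck" stored as "www.ck"

    WildcardSuffixCheck(List<String> lines) {
        for (String raw : lines) {
            String line = raw.trim().toLowerCase(Locale.ROOT);
            if (line.isEmpty() || line.startsWith("//")) continue; // blank or comment
            if (line.startsWith("!")) exceptions.add(line.substring(1));
            else if (line.startsWith("*.")) wildcards.add(line.substring(2));
            else rules.add(line);
        }
    }

    // Set lookups only: certificate names never reach a regex engine, so no backtracking.
    boolean isPublicSuffix(String domain) {
        if (exceptions.contains(domain)) return false;
        if (rules.contains(domain)) return true;
        int dot = domain.indexOf('.');
        if (dot < 0) return true; // unlisted single label falls under the default "*" rule
        return wildcards.contains(domain.substring(dot + 1));
    }

    // True if the certificate identity `pattern` may be accepted for `host`.
    boolean matches(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return h.equals(p);
        String parent = p.substring(2);
        // Reject wildcards that sit directly under a public suffix, such as *.co.uk.
        if (parent.isEmpty() || parent.contains("*") || isPublicSuffix(parent)) return false;
        if (!h.endsWith("." + parent)) return false;
        String label = h.substring(0, h.length() - parent.length() - 1);
        return !label.isEmpty() && label.indexOf('.') < 0; // wildcard spans one label only
    }

    public static void main(String[] args) {
        // Constructed sample rules in the list's syntax, not the real file.
        WildcardSuffixCheck c = new WildcardSuffixCheck(
                Arrays.asList("// sample", "com", "uk", "co.uk", "*.ck", "!www.ck"));
        String[][] cases = { {"www.example.com", "*.example.com"}, {"example.co.uk", "*.co.uk"},
                {"a.b.example.com", "*.example.com"}, {"a.www.ck", "*.www.ck"}, {"a.foo.ck", "*.foo.ck"} };
        for (String[] t : cases)
            System.out.println(t[0] + " vs " + t[1] + " -> " + c.matches(t[0], t[1]));
    }
}
```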
