[ https://issues.apache.org/jira/browse/HTTPCLIENT-1549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-1549.
-------------------------------------------
Resolution: Fixed
Fix Version/s: 4.4 Alpha2
Already fixed in SVN trunk
http://svn.apache.org/viewvc?view=revision&revision=1618698
http://svn.apache.org/viewvc?view=revision&revision=1618867
Please note the redesign / rewrite of the hostname verification APIs / code is
still ongoing, so things may still change drastically before 4.4 GA release.
Oleg
> CVE-2014-3577 patch may not be RFC-compliant
> --------------------------------------------
>
> Key: HTTPCLIENT-1549
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1549
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.3.5
> Reporter: David Jorm
> Priority: Minor
> Fix For: 4.4 Alpha2
>
>
> The fix for CVE-2014-3577 may not be RFC-compliant:
> http://svn.apache.org/viewvc?view=revision&revision=1614065
> RFC 2818 says that "the (most specific) Common Name field in the Subject
> field of the certificate MUST be used". I'm not sure if the most specific is
> the rightmost or the leftmost, but I don't believe it should pick multiple
> CN values from the certificate subject. Please let me know if this analysis
> is accurate.
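The difference between matching any CN and matching only the most specific one, as an added example that is not HttpClient's code or part of the original message. It assumes the subject is given in RFC 2253 string form, where the RDN sequence is written in reverse so the most specific RDN is the leftmost; the class name, method names and the subject string are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class MostSpecificCn {

    // Every CN value in the subject, most specific first.
    static List<String> allCns(String rfc2253Subject) throws NamingException {
        List<Rdn> rdns = new LdapName(rfc2253Subject).getRdns();
        List<String> cns = new ArrayList<>();
        // LdapName puts the rightmost RDN of the string at index 0, so walk
        // from the end to visit the leftmost (most specific) RDN first.
        for (int i = rdns.size() - 1; i >= 0; i--) {
            // toAttributes() also covers multi-valued RDNs such as CN=a+OU=b.
            Attribute cn = rdns.get(i).toAttributes().get("cn");
            if (cn != null) {
                cns.add(String.valueOf(cn.get()));
            }
        }
        return cns;
    }

    // The single CN a verifier should compare against, or null if none.
    static String mostSpecificCn(String rfc2253Subject) throws NamingException {
        List<String> cns = allCns(rfc2253Subject);
        return cns.isEmpty() ? null : cns.get(0);
    }

    public static void main(String[] args) throws NamingException {
        // Constructed subject with two CN attributes (not from a real certificate).
        String subject = "CN=www.example.com,CN=legacy.example.org,O=Example,C=US";
        String host = "legacy.example.org";

        // Lenient check: accepts the host if it equals any CN in the subject.
        boolean anyCnMatches = allCns(subject).stream().anyMatch(host::equalsIgnoreCase);
        // Strict check: only the most specific CN is compared.
        boolean strictMatches = host.equalsIgnoreCase(mostSpecificCn(subject));

        System.out.println("all CNs:          " + allCns(subject));
        System.out.println("most specific CN: " + mostSpecificCn(subject));
        System.out.println("any-CN match:     " + anyCnMatches);
        System.out.println("strict match:     " + strictMatches);
    }
}
```

For a real certificate the input string would come from `X509Certificate.getSubjectX500Principal().getName()`, which returns RFC 2253 form by default.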