[
https://issues.apache.org/jira/browse/HTTPCLIENT-1792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15722658#comment-15722658
]
Jens Borgland commented on HTTPCLIENT-1792:
-------------------------------------------
[~olegk],
Well, DefaultHostnameVerifier does, but that exception is then caught (on row 92),
after which "false" is returned, which causes SSLConnectionSocketFactory to
create the message I described (and since this is the message in the exception
returned to the calling code, it's what ends up in logs unless we enable debug
logging for HttpClient).
https://github.com/apache/httpclient/blob/4.5.x/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java#L467
> Improve the error message when hostname verification fails
> ----------------------------------------------------------
>
> Key: HTTPCLIENT-1792
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1792
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpClient (classic)
> Affects Versions: 4.4.1
> Reporter: Jens Borgland
> Priority: Minor
>
> When hostname verification fails
> {{org.apache.http.conn.ssl.SSLConnectionSocketFactory}} will throw a
> {{SSLPeerUnverifiedException}} with a message like this:
> {noformat}
> Host name 'FOO' does not match the certificate subject provided by the peer
> (CN=BAR)
> {noformat}
> *Expected:*
> Including the _subject alternative names_, rather than the CN, in the message
> would be a lot more helpful when troubleshooting (and probably more correct
> since the use of CN matching is deprecated through RFC 2818).
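The issue asks for the subject alternative names to appear in the failure message. The following is an added example, not HttpClient code and not from the reporter, showing one way to build such a message from the value returned by `X509Certificate.getSubjectAlternativeNames()`. The class name `SanMismatchMessage`, the method `describe`, the message wording and the sample entries are all assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

// Hypothetical helper for illustration; not part of HttpClient.
public class SanMismatchMessage {

    // GeneralName type tags as reported by X509Certificate.getSubjectAlternativeNames()
    static final int DNS_NAME = 2;
    static final int IP_ADDRESS = 7;

    // altNames: result of getSubjectAlternativeNames(), null when the extension is absent.
    // subjectDn: subject DN string, used only as context when no usable SAN exists.
    static String describe(String host, Collection<List<?>> altNames, String subjectDn) {
        List<String> names = new ArrayList<>();
        if (altNames != null) {
            for (List<?> entry : altNames) {
                // Each entry is [Integer type, value]; skip anything malformed.
                if (entry == null || entry.size() < 2 || !(entry.get(0) instanceof Integer)) {
                    continue;
                }
                int type = (Integer) entry.get(0);
                Object value = entry.get(1);
                // Only dNSName and iPAddress entries are relevant to host matching.
                if (type == DNS_NAME && value instanceof String) {
                    names.add("DNS:" + value);
                } else if (type == IP_ADDRESS && value instanceof String) {
                    names.add("IP:" + value);
                }
            }
        }
        if (names.isEmpty()) {
            return "Certificate for <" + host + "> has no DNS or IP subject alternative"
                    + " names (subject: " + subjectDn + ")";
        }
        return "Certificate for <" + host + "> does not match any of the subject"
                + " alternative names: " + names;
    }

    public static void main(String[] args) {
        // Constructed sample entries in the [type, value] shape the JDK returns.
        List<List<?>> sans = new ArrayList<>();
        sans.add(Arrays.asList(2, "bar.example.com"));
        sans.add(Arrays.asList(1, "admin@example.com")); // rfc822Name, ignored
        sans.add(Arrays.asList(7, "192.0.2.10"));
        System.out.println(describe("foo.example.com", sans, "CN=BAR"));
        System.out.println(describe("foo.example.com", null, "CN=BAR"));
    }
}
```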