[jira] [Created] (HTTPCLIENT-1906) HttpClient rejects valid certificates with subjectAltNames

Andy Signer (JIRA) Thu, 22 Feb 2018 13:27:11 -0800

Andy Signer created HTTPCLIENT-1906:
---------------------------------------


             Summary: HttpClient rejects valid certificates with subjectAltNames
                 Key: HTTPCLIENT-1906
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1906
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient (classic)
    Affects Versions: 5.0 Alpha2, 4.5.3
            Reporter: Andy Signer


A certificate containing only an email address (declared as rfc822Name) in 
subjectAltName gets rejected. This change was introduced with HTTPCLIENT-1802.

HttpClient should fall back onto CN for hostname verification instead of 
rejecting the certificate as invalid.

A unit test demonstrating the issue: 
https://github.com/asigner/httpcomponents-client/commit/e2e5c422ad201fc4a4df07e05ffda522ed626008

See 
http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/201802.mbox/%3cCAG5G_q+fh1p54gOO=_kln09+9rizcfxgpmfevue3iq3rp8i...@mail.gmail.com%3e



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (HTTPCLIENT-1906) HttpClient rejects valid certificates with subjectAltNames

Reply via email to