Hi everyone,
I'm working on a new project using a java 8 context with springboot. We are
working into securized envs using SSL certification, but i've some trouble with
the widlcards ! I'm working with the library 4.5.9
In the method "matchIdentity" in the "DefaultHostnameVerifier" has a problem.
static boolean matchDomainRoot(final String host, final String domainRoot) {
if (domainRoot == null) {
return false;
}
return host.endsWith(domainRoot) && (host.length() == domainRoot.length()
|| host.charAt(host.length() - domainRoot.length() - 1) == '.');
}
"host.endsWith(domainRoot)" is did before wildcar treatment, so any match found
and an error is throw after in the processe.
I explain :
url "xxx.yyy.zzz"
in certificate "*.yyy.zzz"
endWith is trying to do : is "xxx.yyy.zzz" end with "*.yyy.zzz"
But it doesn't, because of wildcars wasn't took of.
I haven't see any bugs for this, so it was i send this mail ton confirm if it
was a bug and ask for correction if it is !
Thanksfully,
Axel.
