[GitHub] [httpcomponents-client] michael-o commented on a change in pull request #203: HTTPCLIENT-2047: fixed regression in DefaultHostnameVerifier

Sat, 25 Jan 2020 14:38:25 -0800 

michael-o commented on a change in pull request #203: HTTPCLIENT-2047: fixed 
regression in DefaultHostnameVerifier
URL: 
https://github.com/apache/httpcomponents-client/pull/203#discussion_r370960205
 
 

 ##########
 File path: 
httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
 ##########
 @@ -417,4 +419,28 @@ public void testExtractCN() throws Exception {
         }
     }
 
+    @Test
+    public void testMatchDNSName() throws Exception {
+        DefaultHostnameVerifier.matchDNSName(
+                "host.domain.com",
+                Collections.singletonList(SubjectName.DNS("*.domain.com")),
+                publicSuffixMatcher);
+        DefaultHostnameVerifier.matchDNSName(
+                "host.xx",
+                Collections.singletonList(SubjectName.DNS("*.xx")),
+                publicSuffixMatcher);
+        DefaultHostnameVerifier.matchDNSName(
+                "host.appspot.com",
+                Collections.singletonList(SubjectName.DNS("*.appspot.com")),
+                publicSuffixMatcher);
+        DefaultHostnameVerifier.matchDNSName(
+                "demo-s3-bucket.s3.eu-central-1.amazonaws.com",
+                
Collections.singletonList(SubjectName.DNS("*.s3.eu-central-1.amazonaws.com")),
+                publicSuffixMatcher);
+        DefaultHostnameVerifier.matchDNSName(
+                "hostname-workspace-1.ops.domain.local",
+                
Collections.singletonList(SubjectName.DNS("hostname-workspace-1.ops.domain.local")),
 
 Review comment:
   Call me stupid, but 
[this](https://publicsuffix.org/list/public_suffix_list.dat) list does not 
include the `.local` domain and according to [RFC 6762, section 
3](https://tools.ietf.org/html/rfc6762#section-3) this hostname is invalid. 
only a single DNS label is allowed in the `.local` domain.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to