[ https://issues.apache.org/jira/browse/HTTPCLIENT-2058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farzad Kohantorabi updated HTTPCLIENT-2058:
-------------------------------------------
    Description: 
This seems to be a problem that's introduced in 4.5.11. DefaultHostnameVerifier 
does not verify local DNS names anymore and throws the following error for one 
of our certs. The same code works fine in 4.5.10. 
{code:java}
Certificate for <app-uat.le.dp.xyz.local> doesn't match any of the subject 
alternative names: [app-uat.le.dp.xyz.local, C1234.LE.DP.XYZ.LOCAL] executing 
POST https://app-uat.le.dp.xyz.local:8443/someurl
{code}
I traced the issue down to 
org.apache.http.conn.ssl.DefaultHostnameVerifier#matchIdentity line 204 where 
publicSuffixMatcher.getDomainRoot(identity, domainType) returns null for 
app-uat.le.dp.xyz.local, whereas in version 4.5.10 it returns "local". 

Attached Maven project has a unit test that uses a self-signed cert to exhibit 
the problem. I've included both the cert and the file that I used to create the 
cert.

  was:
This seems to be a problem that's introduced in 4.5.11. DefaultHostnameVerifier 
does not verify local DNS names against certs anymore and throws the following 
error for one of our certs. The same code works fine in 4.5.10. 
{code:java}
Certificate for <app-uat.le.dp.xyz.local> doesn't match any of the subject 
alternative names: [app-uat.le.dp.xyz.local, C1234.LE.DP.XYZ.LOCAL] executing 
POST https://app-uat.le.dp.xyz.local:8443/someurl
{code}
I traced the issue down to 
org.apache.http.conn.ssl.DefaultHostnameVerifier#matchIdentity line 204 where 
publicSuffixMatcher.getDomainRoot(identity, domainType) returns null for 
app-uat.le.dp.xyz.local, whereas in version 4.5.10 it returns "local". 


> DefaultHostnameVerifier does not verify local DNS names
> -------------------------------------------------------
>
>                 Key: HTTPCLIENT-2058
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2058
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>    Affects Versions: 4.5.11
>            Reporter: Farzad Kohantorabi
>            Priority: Major
>         Attachments: httpcomponentsbug.zip
>
>
> This seems to be a problem that's introduced in 4.5.11. 
> DefaultHostnameVerifier does not verify local DNS names anymore and throws 
> the following error for one of our certs. The same code works fine in 4.5.10. 
> {code:java}
> Certificate for <app-uat.le.dp.xyz.local> doesn't match any of the subject 
> alternative names: [app-uat.le.dp.xyz.local, C1234.LE.DP.XYZ.LOCAL] executing 
> POST https://app-uat.le.dp.xyz.local:8443/someurl
> {code}
> I traced the issue down to 
> org.apache.http.conn.ssl.DefaultHostnameVerifier#matchIdentity line 204 where 
> publicSuffixMatcher.getDomainRoot(identity, domainType) returns null for 
> app-uat.le.dp.xyz.local, whereas in version 4.5.10 it returns "local". 
> Attached Maven project has a unit test that uses a self-signed cert to 
> exhibit the problem. I've included both the cert and the file that I used to 
> create the cert.
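
A diagnostic for the behaviour traced in the report, as an added example that is not part of the original message or the attached project: it calls the same publicSuffixMatcher.getDomainRoot(identity, domainType) lookup for a list of internal hostnames, so it can be run once with 4.5.10 and once with 4.5.11 on the classpath to see which names lose their domain root before upgrading. The class name DomainRootCheck and the helper hostsWithoutRoot are made up for this example, and because the report does not say which DomainType the verifier passes, every type is tried.

```java
import java.util.ArrayList;
import java.util.List;

import org.apache.http.conn.util.DomainType;
import org.apache.http.conn.util.PublicSuffixMatcher;
import org.apache.http.conn.util.PublicSuffixMatcherLoader;

// Added example (hypothetical class name), not code from HttpClient or the report.
public class DomainRootCheck {

    // Returns the hostnames for which getDomainRoot yields null for the given type.
    static List<String> hostsWithoutRoot(PublicSuffixMatcher matcher,
                                         DomainType type,
                                         String... hosts) {
        List<String> unresolved = new ArrayList<>();
        for (String host : hosts) {
            String root = matcher.getDomainRoot(host, type);
            System.out.printf("%-8s %-28s root=%s%n", type, host, root);
            if (root == null) {
                unresolved.add(host);
            }
        }
        return unresolved;
    }

    public static void main(String[] args) {
        // Public suffix list bundled with the HttpClient version on the classpath.
        PublicSuffixMatcher matcher = PublicSuffixMatcherLoader.getDefault();

        // Defaults are the two names from the report's error message;
        // pass your own internal hostnames as arguments instead.
        String[] hosts = args.length > 0
                ? args
                : new String[] {"app-uat.le.dp.xyz.local", "C1234.LE.DP.XYZ.LOCAL"};

        boolean anyUnresolved = false;
        for (DomainType type : DomainType.values()) {
            List<String> unresolved = hostsWithoutRoot(matcher, type, hosts);
            if (!unresolved.isEmpty()) {
                anyUnresolved = true;
                System.out.println("No domain root for " + type + ": " + unresolved);
            }
        }
        // Non-zero exit lets a build step flag hostnames with no domain root.
        System.exit(anyUnresolved ? 1 : 0);
    }
}
```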


