Nikhil Gahlot created HTTPCLIENT-2111:
-----------------------------------------
Summary: DefaultHostnameVerifier fails with "doesn't match any of
the subject alternative names"
Key: HTTPCLIENT-2111
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2111
Project: HttpComponents HttpClient
Issue Type: Bug
Affects Versions: 4.5.12
Reporter: Nikhil Gahlot

In httpclient 4.5.6, DefaultHostnameVerifier explicitly checks for dots (.) in
the hostname (excluding domain/sub-domain). This causes hostnames like
abc.xyz.mno.pqr.dev.local to fail on a certificate with the SAN wildcard
*.dev.local. I am using a certificate with CN = *.dev.local and SAN =
*.dev.local. Below is the error I am getting.
{code:java}
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <abc.xyz.mno.pqr.dev.local> doesn't match any of the subject alternative names: [*.dev.local]
{code}
I tested with 4.5.12 as well as 5.0.1 but am getting the same error. Can someone
recommend a good way to resolve this?
DefaultHostnameVerifier.matchIdentity()
{code:java}
// Additional sanity checks on content selected by wildcard can be done here
if (strict) {
    final String remainder = host.substring(
            prefix.length(), host.length() - suffix.length());
    if (remainder.contains(".")) {
        return false;
    }
}
{code}
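
An added example, not part of the original report and not HttpClient's own code: a stand-alone sketch of the single-label wildcard rule that the strict check quoted above enforces (RFC 2818 section 3.1 gives `*.a.com` as matching `foo.a.com` but not `bar.foo.a.com`). The class name, the helper `matchesStrict`, the empty-remainder guard, and every host or SAN other than the two values taken from the report are assumptions made for illustration.

```java
import java.util.Locale;

public class WildcardSanDemo {

    // Hypothetical helper: single-wildcard match in which "*" may stand for
    // one DNS label (or label fragment) only, like the strict check in the report.
    static boolean matchesStrict(String host, String identity) {
        String h = host.toLowerCase(Locale.ROOT);   // DNS names are case-insensitive
        String id = identity.toLowerCase(Locale.ROOT);
        int asterisk = id.indexOf('*');
        if (asterisk == -1) {
            return h.equals(id);                    // no wildcard: exact match only
        }
        String prefix = id.substring(0, asterisk);
        String suffix = id.substring(asterisk + 1);
        // The host must be long enough to hold prefix and suffix without overlap.
        if (h.length() < prefix.length() + suffix.length()) {
            return false;
        }
        if (!h.startsWith(prefix) || !h.endsWith(suffix)) {
            return false;
        }
        // The part of the host that the wildcard would have to cover.
        String remainder = h.substring(prefix.length(), h.length() - suffix.length());
        // Assumption of this sketch: an empty remainder is rejected as well.
        // A remainder containing a dot spans several labels and is rejected.
        return !remainder.isEmpty() && !remainder.contains(".");
    }

    public static void main(String[] args) {
        String san = "*.dev.local";                 // SAN from the report
        String[] hosts = {
            "abc.xyz.mno.pqr.dev.local",            // host from the report: "*" would span four labels
            "pqr.dev.local",                        // constructed: exactly one label under dev.local
            "dev.local",                            // constructed: nothing left for the wildcard
        };
        for (String host : hosts) {
            System.out.printf("%-26s vs %-24s -> %b%n", host, san, matchesStrict(host, san));
        }
        // Constructed SAN one label above the reported host: a single label remains for "*".
        String deeperSan = "*.xyz.mno.pqr.dev.local";
        System.out.printf("%-26s vs %-24s -> %b%n",
                hosts[0], deeperSan, matchesStrict(hosts[0], deeperSan));
    }
}
```

Under this rule the reported host is accepted only when the certificate carries the exact name or a wildcard whose `*` replaces its leftmost label, which is what the last line of `main` checks.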