[
https://issues.apache.org/jira/browse/HTTPCLIENT-2111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski resolved HTTPCLIENT-2111.
-------------------------------------------
Resolution: Invalid
> DefaultHostnameVerifier fails with "doesn't match any of the subject
> alternative names"
> ---------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-2111
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2111
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Affects Versions: 4.5.12
> Reporter: Nikhil Gahlot
> Priority: Major
>
> In httpclient 4.5.6, DefaultHostnameVerifier explicitly checks for dots (.) in
> the hostname (excluding domain/sub-domain). This causes hostnames like
> abc.xyz.mno.pqr.dev.local to fail on a certificate with the SAN wildcard
> *.dev.local. I am using a certificate with CN = *.dev.local and SAN =
> *.dev.local. Below is the error I am getting.
> {code:java}
> javax.net.ssl.SSLPeerUnverifiedException: Certificate for
> <abc.xyz.mno.pqr.dev.local> doesn't match any of the subject alternative
> names: [*.dev.local]{code}
> I tested with 4.5.12 as well as 5.0.1 but am getting the same error. Can
> someone recommend a good way to resolve this?
>
> DefaultHostnameVerifier.matchIdentity()
>
> {code:java}
> // Additional sanity checks on content selected by wildcard can be done here
> if (strict) {
>     final String remainder = host.substring(
>             prefix.length(), host.length() - suffix.length());
>     if (remainder.contains(".")) {
>         return false;
>     }
> }
> {code}
>
>