ok2c commented on a change in pull request #302:
URL:
https://github.com/apache/httpcomponents-client/pull/302#discussion_r610844241
##########
File path:
httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java
##########
@@ -114,18 +114,15 @@ public void verify(
matchIPv6Address(host, subjectAlts);
break;
default:
- matchDNSName(host, subjectAlts, this.publicSuffixMatcher);
+ // In case there are no SubjectName.DNS entries, fallback
to CN matching
Review comment:
> Perhaps the code could be clearer if we only collected either IP or
DNS entries depending on the HostNameType?
@peterdettman This is what I was trying to hint at. I really do not
understand why there should be multiple invocations of `#matchCN`. Please
refactor the code to make the execution flow as well as the intent of your
changes a bit easier to understand.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
