fan2 created HTTPCLIENT-2247:
--------------------------------
Summary: SSLPeerUnverifiedException on matching wildcard certificate (US20 amazon)
Key: HTTPCLIENT-2247
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2247
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient (classic)
Affects Versions: 4.5.13
Reporter: fan2
In version 4.5.13, the following piece of code will throw
SSLPeerUnverifiedException. If the host is changed to
"ec2.us-east-1.compute-1.amazonaws.com" and the DNS is changed to
"*.us-east-1.compute-1.amazonaws.com", then the exception is gone.
{code:java}
List<SubjectName> subjectAlts = new ArrayList<>();
PublicSuffixMatcher publicSuffixMatcher = PublicSuffixMatcherLoader.getDefault();
// assume a certificate with multiple SANs, some of which might contain wildcards
String host = "ec2.compute-1.amazonaws.com";
subjectAlts.add(SubjectName.DNS("*.compute-1.amazonaws.com"));
try {
    DefaultHostnameVerifier.matchDNSName(host, subjectAlts, publicSuffixMatcher);
} catch (Exception e) {
    System.out.println(e);
}
{code}