[
https://issues.apache.org/jira/browse/HTTPCLIENT-2247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17633277#comment-17633277
]
ASF subversion and git services commented on HTTPCLIENT-2247:
-------------------------------------------------------------
Commit 0ca56358984a20eb2403b8db30ec074e4db5c77e in httpcomponents-client's
branch refs/heads/master from Oleg Kalnichevski
[ https://gitbox.apache.org/repos/asf?p=httpcomponents-client.git;h=0ca563589 ]
HTTPCLIENT-2247: Test cases to document present assumptions about the correct
handling of public domain suffixes
> SSLPeerUnverifiedException on matching wildcard certificate (US20 amazon)
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-2247
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2247
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.13
> Reporter: fan2
> Priority: Major
>
> In version 4.5.13, the following code piece will throw
> SSLPeerUnverifiedException. If the host change to
> "ec2.us-east-1.compute-1.amazonaws.com" and DNS change to
> "*.us-east-1.compute-1.amazonaws.com", then the exception is gone.
>
> {code:java}
> List<SubjectName> subjectAlts = new ArrayList<>();
> PublicSuffixMatcher publicSuffixMatcher =
> PublicSuffixMatcherLoader.getDefault();
> // assume a certificate with multiple SANs, some of which might contain
> wildcards
> String host = "ec2.compute-1.amazonaws.com";
> subjectAlts.add(SubjectName.DNS("*.compute-1.amazonaws.com"));
> try {
> DefaultHostnameVerifier.matchDNSName(host, subjectAlts, publicSuffixMatcher);
> }
> catch (Exception e) {
> System.out.println(e);
> }
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
