[
https://issues.apache.org/jira/browse/HTTPCLIENT-2247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17633449#comment-17633449
]
fan2 commented on HTTPCLIENT-2247:
----------------------------------
[~olegk] , *ec2.compute-1.amazonaws.com is the hostname in US-east-1 in
reality. And the issue does not exist in 4.5.3. I understand the matcher has
been changed since then. I still believe it is one issue of HTTPClient.*
> SSLPeerUnverifiedException on matching wildcard certificate (US20 amazon)
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-2247
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2247
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.13
> Reporter: fan2
> Priority: Major
>
> In version 4.5.13, the following code piece will throw
> SSLPeerUnverifiedException. If the host change to
> "ec2.us-east-1.compute-1.amazonaws.com" and DNS change to
> "*.us-east-1.compute-1.amazonaws.com", then the exception is gone.
>
> {code:java}
> List<SubjectName> subjectAlts = new ArrayList<>();
> PublicSuffixMatcher publicSuffixMatcher =
> PublicSuffixMatcherLoader.getDefault();
> // assume a certificate with multiple SANs, some of which might contain
> wildcards
> String host = "ec2.compute-1.amazonaws.com";
> subjectAlts.add(SubjectName.DNS("*.compute-1.amazonaws.com"));
> try {
> DefaultHostnameVerifier.matchDNSName(host, subjectAlts, publicSuffixMatcher);
> }
> catch (Exception e) {
> System.out.println(e);
> }
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
