[ https://issues.apache.org/jira/browse/HTTPCLIENT-2365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17939658#comment-17939658 ]

ASF subversion and git services commented on HTTPCLIENT-2365:
-------------------------------------------------------------

Commit a06030afac030b83c2c9687b6314fbaeae323f96 in httpcomponents-client's 
branch refs/heads/master from Oleg Kalnichevski
[ https://gitbox.apache.org/repos/asf?p=httpcomponents-client.git;h=a06030afa ]

HTTPCLIENT-2365, regression: corrected handling of private domains by 
PublicSuffixMatcher


> S3 host certificate throws SSLPeerUnverifiedException
> -----------------------------------------------------
>
>                 Key: HTTPCLIENT-2365
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2365
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 5.4.3
>            Reporter: Leonard Ehrenfried
>            Assignee: Oleg Kalnichevski
>            Priority: Major
>             Fix For: 5.4.4
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Fetching data with a GET request from an AWS S3 URL fails with the following 
> exception:
> {noformat}
> Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for 
> <s3.amazonaws.com> doesn't match any of the subject alternative names: 
> [s3.amazonaws.com, *.s3.amazonaws.com, 
> *.s3.dualstack.us-east-1.amazonaws.com, s3.dualstack.us-east-1.amazonaws.com, 
> *.s3.us-east-1.amazonaws.com, s3.us-east-1.amazonaws.com, 
> *.s3-control.us-east-1.amazonaws.com, s3-control.us-east-1.amazonaws.com, 
> *.s3-control.dualstack.us-east-1.amazonaws.com, 
> s3-control.dualstack.us-east-1.amazonaws.com, 
> *.s3-accesspoint.us-east-1.amazonaws.com, 
> *.s3-accesspoint.dualstack.us-east-1.amazonaws.com, 
> *.s3-deprecated.us-east-1.amazonaws.com, 
> s3-deprecated.us-east-1.amazonaws.com, s3-external-1.amazonaws.com, 
> *.s3-external-1.amazonaws.com, s3-external-2.amazonaws.com, 
> *.s3-external-2.amazonaws.com]
>       at org.apache.hc.client5.http.ssl.DefaultHostnameVerifier.matchDNSName(DefaultHostnameVerifier.java:172)
>       at org.apache.hc.client5.http.ssl.DefaultHostnameVerifier.verify(DefaultHostnameVerifier.java:130)
>       at org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.verifySession(AbstractClientTlsStrategy.java:316)
>       at org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.verifySession(AbstractClientTlsStrategy.java:194)
>       at org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.executeHandshake(AbstractClientTlsStrategy.java:253)
>       at org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.upgrade(AbstractClientTlsStrategy.java:210)
>       at org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy.upgrade(DefaultClientTlsStrategy.java:48)
>       at org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:231)
>       at org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:490)
>       at org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:164)
>       at org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:174)
>       at org.apache.hc.client5.http.impl.classic.ConnectExec.execute(ConnectExec.java:144)
>       at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
>       at org.apache.hc.client5.http.impl.classic.ProtocolExec.execute(ProtocolExec.java:192)
>       at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
>       at org.apache.hc.client5.http.impl.classic.ContentCompressionExec.execute(ContentCompressionExec.java:150)
>       at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
>       at org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec.execute(HttpRequestRetryExec.java:113)
>       at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
>       at org.apache.hc.client5.http.impl.classic.RedirectExec.execute(RedirectExec.java:110)
>       at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
>       at org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:183)
>       at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:245)
>       at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:188)
>       at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:162)
>       at org.opentripplanner.framework.io.OtpHttpClient.executeAndMapWithResponseHandler(OtpHttpClient.java:302)
>       ... 14 common frames omitted
> {noformat}
> A URL to reproduce this with is 
> [https://s3.amazonaws.com/kcm-alerts-realtime-prod/vehiclepositions.pb]
> When I downgrade to 5.4.2 the URL can be downloaded without a problem.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
