Hello,

The code for the ZKHostnameVerifier is copied from Apache HttpClient and the 
bug has been fixed there in this issue 
https://issues.apache.org/jira/browse/HTTPCLIENT-1906
(commit https://github.com/apache/httpcomponents-client/commit/56cc24525e5ba2a5ef8fa0de2385687e83589a71)

Missing the above fix will cause a valid certificate to be rejected in case the 
certificate contains other alternative subject names than DNS or IP, for 
example OID 1.3.6.1.5.2.2 - KRB5PrincipalName and/or OID 1.3.6.1.4.1.311.20.2.3 
- User Principal Name (UPN).

It would be better not to need the copy-pasting, as there are several other 
commits to that HostNameVerifier that have not been applied to the 
ZKHostNameVerifier, so there may exist other conditions too where 
ZKHostNameVerifier does not work as expected.

Also, the Javadoc says that the code is copied from the HttpClient but does 
not canonically reference the class which it came from.

Brgs,

Sampo Saarela

Software developer


RELEX Solutions

Postintaival 7, 00230 Helsinki, Finland

mobile +358505676044

email sampo.saar...@relexsolutions.com

website www.relexsolutions.com<http://www.relexsolutions.com>




plan better - sell more - waste less
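
An added example (not part of the message above, and not ZooKeeper's or HttpClient's code) of reading subject alternative names so that entries other than DNS or IP, such as the otherName types the message mentions, are skipped rather than affecting the result. The class name, method names and sample host are hypothetical; the entry layout is the one documented for `X509Certificate.getSubjectAlternativeNames()`.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

public class SanFilterExample {
    // GeneralName tags (RFC 5280), found in element 0 of each SAN entry
    static final int OTHER_NAME = 0, DNS_NAME = 2, IP_ADDRESS = 7;

    /** Keep only dNSName / iPAddress values; every other entry type is skipped. */
    static List<String> hostIdentities(Collection<List<?>> sans) {
        List<String> out = new ArrayList<>();
        if (sans == null) return out; // the JDK returns null when the extension is absent
        for (List<?> entry : sans) {
            if (entry.size() < 2 || !(entry.get(0) instanceof Integer)) continue;
            int type = (Integer) entry.get(0);
            Object value = entry.get(1);
            // otherName values (KRB5PrincipalName, UPN) arrive as DER-encoded byte[],
            // so check the runtime type before treating a value as a String
            if ((type == DNS_NAME || type == IP_ADDRESS) && value instanceof String) {
                out.add((String) value);
            }
        }
        return out;
    }

    /** Exact, case-insensitive match; wildcards and IPv6 normalisation are out of scope. */
    static boolean matchesHost(String host, Collection<List<?>> sans) {
        for (String id : hostIdentities(sans)) {
            if (id.equalsIgnoreCase(host)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: one otherName entry (placeholder DER bytes) plus one dNSName
        Collection<List<?>> sans = new ArrayList<>();
        sans.add(Arrays.asList(OTHER_NAME, new byte[] {0x30, 0x00}));
        sans.add(Arrays.asList(DNS_NAME, "zk1.example.test"));
        System.out.println(hostIdentities(sans));
        System.out.println(matchesHost("zk1.example.test", sans));
        System.out.println(matchesHost("other.example.test", sans));
    }
}
```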
