On Wed, 2017-05-17 at 12:55 -0400, Hassan Khan wrote:
> Thanks Oleg for the tip..
> 
> I did not change the connector till now.. but with APR itself I started
> using the prod CA certificate that our company has... instead of the
> self-signed certificate...
> 
> With httpClient 3.1 all communication works fine.
> 

As I have already explained earlier, HC 3.x does _not_ do any hostname
validation. It just does not.

> But when I upgraded prod to use the new code having httpclient 4.5.... I
> get this exception in SSL handshake...
>     Certificate for XVT doesn't match any of the subject alternative names: ABC, GFD]
> 
> So looks like I need to turn off the hostname verification in the code or
> update the Company certificate to have CN populated with the values.
> 

No, you should rather make sure that the hostname and the cert
presented by the server match.


> I wanted to know what brought the need to have CN in every certificate
> populated going forward?
> 

Eh, like, CN being mandatory for a cert, should be a good reason,
should it not? 

Oleg

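An added example, not part of the original messages and not HttpClient's own code: the RFC 2818 rule for matching a DNS host name against a certificate, in which dNSName subject alternative names, when present, are the only names compared and the CN is a fallback only for certificates that have none. The class and method names are hypothetical, the host and SAN values are the placeholders from the error message in the thread, the wildcard name is constructed, and IP-address SANs are assumed out of scope.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

// Added illustration of RFC 2818 hostname matching for DNS names.
// Not HttpClient's code; class and method names are hypothetical.
public class HostnameMatchDemo {

    // A wildcard is honoured only as the entire left-most label ("*.example.test").
    static boolean matchesName(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return h.equals(p);
        }
        String suffix = p.substring(1);        // ".example.test"
        int firstDot = h.indexOf('.');
        // '*' stands for exactly one non-empty label
        return firstDot > 0 && h.substring(firstDot).equals(suffix);
    }

    // If the certificate carries dNSName SANs, only those are compared;
    // the CN is consulted only when there are none.
    static boolean certificateMatches(String host, List<String> dnsSans, String cn) {
        if (!dnsSans.isEmpty()) {
            for (String san : dnsSans) {
                if (matchesName(host, san)) {
                    return true;
                }
            }
            return false;
        }
        return cn != null && matchesName(host, cn);
    }

    static void show(String host, List<String> sans, String cn) {
        System.out.println("host=" + host + " SANs=" + sans + " CN=" + cn
                + " -> match=" + certificateMatches(host, sans, cn));
    }

    public static void main(String[] args) {
        List<String> sans = Arrays.asList("ABC", "GFD");   // placeholders from the thread
        List<String> none = Collections.<String>emptyList();
        show("XVT", sans, "XVT");   // SANs present: a matching CN is not consulted
        show("ABC", sans, null);    // host listed as a SAN
        show("XVT", none, "XVT");   // no SANs: CN fallback applies
        show("a.b.example.test", Arrays.asList("*.example.test"), null); // constructed
    }
}
```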