You are right.. Thanks.. It was kinda of a wrong question to ask ... On Thu, May 18, 2017 at 3:35 AM, Oleg Kalnichevski <ol...@apache.org> wrote:
> On Wed, 2017-05-17 at 12:55 -0400, Hassan Khan wrote: > > Thank oleg for the tip.. > > > > I did not change the connector till now.. but with APR itself I > > starting > > using the prod CA certificate that our company has... instead of the > > self > > signed certificate... > > > > With httpClient 3.1 all communication work fine. > > > > As I have already explained earlier. HC 3.x does _not_ do any hostname > validation. It just does not. > > > But when I upgraded prod to use the new code having httpclient > > 4.5.... I > > get this exception in SSL handshake... > > Certificate for XVT doesn't match any of the subject alternative > > names: > > ABC, GFD] > > > > So looks like I need to turn off the hostname verification in the > > code or > > update the Com[any certificate to have CN populated with the values. > > > > No, you should rather make sure that the hostname and the cert > presented by the server match. > > > > I wanted to know what brought the need to have CN in every > > Certificate > > populated gong forward? > > > > Eh, like, CN being mandatory for a cert, should be a good reason, > should it not? > > Oleg > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > -- Hassan Khan