On Mon, 2020-01-20 at 11:49 +0000, Daniel wrote: > Hi folks 👋 > > I believe the recent change to > https://github.com/apache/httpcomponents-client/pull/198 broke > validation > for private domains. > The domain type is now forced to ICANN. In my scenario this causes a > valid > cert check for foo.bar to fail because bar is not part of the > PublicSuffixMatcher rules forcing the getDomainRoot to return a null > object > and thus failing validation in the matchDomainRoot method.
Could you please provide us with the exact domain name, the cert CN and alternative subject names, or better yet add a test case that passes with 4.5.10 and fails with 4.5.11? https://github.com/apache/httpcomponents-client/blob/4.5.x/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
