[ http://issues.apache.org/jira/browse/HTTPCLIENT-613?page=comments#action_12456912 ] Martin van den Bemt commented on HTTPCLIENT-613: ------------------------------------------------
Sorry for the noise.. Completely missed issue 614.. > https should check CN of x509 cert > ---------------------------------- > > Key: HTTPCLIENT-613 > URL: http://issues.apache.org/jira/browse/HTTPCLIENT-613 > Project: HttpComponents HttpClient > Issue Type: Bug > Components: HttpClient > Affects Versions: Nightly Builds > Reporter: Julius Davies > Priority: Critical > Fix For: 4.0 Alpha 1 > > Attachments: SSLSocketFactory.patch, SSLSocketFactory_best.patch, > SSLSocketFactory_improved.patch > > > https should check CN of x509 cert > Since we're essentially rolling our own "HttpsURLConnection", the checking > provided by "javax.net.ssl.HostnameVerifier" is no longer in place. > I have a patch I'm about to attach which caused both createSocket() methods > on o.a.h.conn.ssl.SSLSocketFactory to blowup: > test1: javax.net.ssl.SSLException: hostname in certificate didn't match: > <vancity.com> != <www.vancity.com> > test2: javax.net.ssl.SSLException: hostname in certificate didn't match: > <vancity.com> != <www.vancity.com> > Hopefully people agree that this is desirable. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
