[ http://issues.apache.org/jira/browse/HTTPCLIENT-617?page=comments#action_12459728 ]
            
Roland Weber commented on HTTPCLIENT-617:
-----------------------------------------

Hi Julius,

throwing an exception is generally a very expensive operation. Code that throws 
and catches exceptions in the normal course of operations is _highly_ 
questionable. This is HttpClient 4.x, so the prerequisite is Java 1.4 which 
already supports regular expressions. If you have to check a string for a 
format as simple as this, please use a precompiled regular expression. If 
you're not familiar with the regexp format, I'll help you out.

cheers,
  Roland


> Hostname verification:  turn off wildcards when CN is an IP address
> -------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-617
>                 URL: http://issues.apache.org/jira/browse/HTTPCLIENT-617
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpConn
>    Affects Versions: Nightly Builds
>            Reporter: Julius Davies
>            Priority: Minor
>
> Hostname verification:   turn off wildcards when CN is an IP address.  This 
> is a further improvement on HTTPCLIENT-613 and HTTPCLIENT-614.
> Example - don't allow:
> CN=*.114.102.2
> I'm thinking of grabbing the substring following the final dot, and running 
> it through "Integer.parseInt()".  If the NumberFormatException isn't thrown 
> (so Integer.parseInt() actually worked!), then I'll turn off wildcard 
> matching.  Notice that this won't be a problem with IP6 addresses, since they 
> don't use dots.  It's only a problem with IP4, where the meaning of the dots 
> clashes with dots in domain names.
> Note:  when I turn off wildcard matching, I still attempt an exact match with 
> the hostname.  If through some weird mechanism the client is actually able to 
> use a hostname such as "https://*.114.102.2/", then they will be okay if 
> that's what the certificate on the server contains.

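A sketch of the check discussed in this thread, as an added example that is not HttpClient's own code: a precompiled regular expression (as Roland suggests) tests whether the CN's final label is numeric (Julius's criterion), and if so wildcard matching is turned off while the exact match is still attempted. The class and method names, the pattern, and the simplified one-label wildcard rule are assumptions for illustration.

```java
import java.util.Locale;
import java.util.regex.Pattern;

// Illustrative sketch only: names, pattern and wildcard rule are assumptions.
public class CnWildcardCheck {

    // Compiled once and reused; Pattern instances are thread-safe.
    // Matches any name whose label after the final dot is all digits,
    // which no DNS top-level domain is, so it marks IPv4-style names.
    private static final Pattern NUMERIC_LAST_LABEL = Pattern.compile(".*\\.\\d+");

    static boolean endsInNumericLabel(String cn) {
        return NUMERIC_LAST_LABEL.matcher(cn).matches();
    }

    static boolean matches(String host, String cn) {
        String h = host.trim().toLowerCase(Locale.ENGLISH);
        String c = cn.trim().toLowerCase(Locale.ENGLISH);

        // Wildcards are honoured only when the CN does not look like an IP address.
        boolean wildcard = c.startsWith("*.") && !endsInNumericLabel(c);
        if (!wildcard) {
            // Exact match is still attempted, as the issue description requires.
            return h.equals(c);
        }

        // Simplified rule (assumption): "*" stands for exactly one leading label.
        String suffix = c.substring(1); // e.g. ".example.com"
        if (!h.endsWith(suffix)) {
            return false;
        }
        String label = h.substring(0, h.length() - suffix.length());
        return label.length() > 0 && label.indexOf('.') < 0;
    }

    public static void main(String[] args) {
        // Constructed sample pairs: {hostname, certificate CN}.
        String[][] samples = {
            {"1.114.102.2", "*.114.102.2"},
            {"*.114.102.2", "*.114.102.2"},
            {"www.example.com", "*.example.com"},
            {"a.b.example.com", "*.example.com"},
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " vs CN=" + s[1] + " -> " + matches(s[0], s[1]));
        }
    }
}
```

No exception is thrown or caught on the normal path; the pattern match replaces the `Integer.parseInt()` probe.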