[ http://issues.apache.org/jira/browse/HTTPCLIENT-617?page=comments#action_12459735 ]

Roland Weber commented on HTTPCLIENT-617:
-----------------------------------------

Hi Julius,

I'm not sure that an IP address is allowed to have anything but US-ASCII digits 0-9. And instead of hand-parsing, you could just use a precompiled regular expression... ;-)
The "precompiled" is important here. If it's not precompiled, hand-parsing will definitely be more efficient.

cheers,
  Roland

> Hostname verification: turn off wildcards when CN is an IP address
> -------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-617
>                 URL: http://issues.apache.org/jira/browse/HTTPCLIENT-617
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpConn
>    Affects Versions: Nightly Builds
>            Reporter: Julius Davies
>            Priority: Minor
>
> Hostname verification: turn off wildcards when CN is an IP address. This
> is a further improvement on HTTPCLIENT-613 and HTTPCLIENT-614.
> Example - don't allow:
> CN=*.114.102.2
> I'm thinking of grabbing the substring following the final dot, and running
> it through "Integer.parseInt()". If the NumberFormatException isn't thrown
> (so Integer.parseInt() actually worked!), then I'll turn off wildcard
> matching. Notice that this won't be a problem with IP6 addresses, since they
> don't use dots. It's only a problem with IP4, where the meaning of the dots
> clashes with dots in domain names.
> Note: when I turn off wildcard matching, I still attempt an exact match with
> the hostname. If through some weird mechanism the client is actually able to
> use a hostname such as "https://*.114.102.2/", then they will be okay if
> that's what the certificate on the server contains.

-- 
This message is automatically generated by JIRA.
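
The check proposed in the issue, written with the precompiled regular expression suggested in the comment, as an added example that is not HttpClient's own code. The class and method names are hypothetical, and the wildcard rule is simplified to a leading `*.` suffix match.

```java
import java.util.Locale;
import java.util.regex.Pattern;

public class CnWildcardCheck {
    // Compiled once and reused. [0-9] is used instead of Integer.parseInt(),
    // which also accepts a leading sign and non-ASCII digits and rejects
    // labels that overflow an int.
    private static final Pattern NUMERIC_LAST_LABEL =
            Pattern.compile("(?:^|\\.)[0-9]+\\z");

    /** True when the text after the final dot is ASCII digits only (IPv4-like). */
    static boolean looksLikeIpv4(String cn) {
        return NUMERIC_LAST_LABEL.matcher(cn).find();
    }

    /** Simplified CN check (assumption): a leading "*." matches any host suffix. */
    static boolean matches(String host, String cn) {
        String h = host.toLowerCase(Locale.ROOT);
        String c = cn.toLowerCase(Locale.ROOT);
        // Wildcards are honoured only when the CN does not end in a numeric label.
        boolean wildcardAllowed = c.startsWith("*.") && !looksLikeIpv4(c);
        if (wildcardAllowed) {
            String suffix = c.substring(1); // e.g. ".example.com"
            return h.length() > suffix.length() && h.endsWith(suffix);
        }
        // Wildcard matching is off: an exact match is still attempted.
        return h.equals(c);
    }

    public static void main(String[] args) {
        // Constructed sample pairs: { requested host, certificate CN }
        String[][] samples = {
            {"www.example.com", "*.example.com"},
            {"10.114.102.2",    "*.114.102.2"},
            {"*.114.102.2",     "*.114.102.2"},
            {"10.114.102.2",    "10.114.102.2"},
        };
        for (String[] s : samples) {
            System.out.printf("host=%s cn=%s wildcardDisabled=%b match=%b%n",
                    s[0], s[1], looksLikeIpv4(s[1]), matches(s[0], s[1]));
        }
    }
}
```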
