Eron Wright created FLINK-5030:
-----------------------------------
Summary: Support hostname verification
Key: FLINK-5030
URL: https://issues.apache.org/jira/browse/FLINK-5030
Project: Flink
Issue Type: Sub-task
Reporter: Eron Wright
_See [Dangerous Code|http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf] and [further commentary|https://tersesystems.com/2014/03/23/fixing-hostname-verification/] for useful background._

When hostname verification is performed, it should use the hostname (not IP
address) to match the certificate. The current code is wrongly using the
address.

In technical terms, ensure that calls to `SSLContext::createSSLEngine` supply
the expected hostname, not host address.

Please audit all SSL setup code as to whether hostname verification is enabled,
and file follow-ups where necessary. For example, Akka 2.4 supports it but
2.3 doesn't
([ref|http://doc.akka.io/docs/akka/2.4.4/scala/http/client-side/https-support.html#Hostname_verification]).
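
The request above, as an added example that is not part of the original issue and not Flink's code: a JSSE client engine created with the peer's address next to one created with the expected hostname and endpoint identification enabled. The class and method names, the host name, the address and the port are constructed for illustration.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Illustrative class, not part of Flink.
public class HostnameVerifiedEngine {

    // Weak form: the engine is told the peer is an IP literal, so any
    // endpoint check compares the certificate against the address and
    // never against the name the operator configured.
    static SSLEngine byAddress(SSLContext ctx, InetSocketAddress peer) {
        return ctx.createSSLEngine(peer.getAddress().getHostAddress(), peer.getPort());
    }

    // Corrected form: pass the expected hostname and switch on endpoint
    // identification, which createSSLEngine does not enable by itself.
    static SSLEngine byHostname(SSLContext ctx, InetSocketAddress peer) {
        // getHostString() returns the stored name without a reverse DNS lookup.
        SSLEngine engine = ctx.createSSLEngine(peer.getHostString(), peer.getPort());
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        // "HTTPS" selects RFC 2818 matching of the name against the certificate.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample peer; getByAddress performs no name lookup.
        InetAddress addr = InetAddress.getByAddress(
                "jobmanager.example.internal", new byte[] {10, 0, 0, 5});
        InetSocketAddress peer = new InetSocketAddress(addr, 6123);
        SSLContext ctx = SSLContext.getDefault();

        // Print what each engine will hand to the trust manager at handshake time.
        for (SSLEngine e : new SSLEngine[] {byAddress(ctx, peer), byHostname(ctx, peer)}) {
            System.out.println("peerHost=" + e.getPeerHost() + " endpointId="
                    + e.getSSLParameters().getEndpointIdentificationAlgorithm());
        }
    }
}
```

When auditing, check both values on every engine: a hostname passed to `createSSLEngine` has no effect on certificate matching unless the endpoint identification algorithm is also set.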