Andy Signer created HTTPCLIENT-1906:
---------------------------------------
Summary: HttpClient rejects valid certificates with subjectAltNames
Key: HTTPCLIENT-1906
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1906
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient (classic)
Affects Versions: 5.0 Alpha2, 4.5.3
Reporter: Andy Signer
A certificate containing only an email address (declared as rfc822Name) in
subjectAltName gets rejected. This change was introduced with HTTPCLIENT-1802.
HttpClient should fall back onto CN for hostname verification instead of
rejecting the certificate as invalid.
A unit test demonstrating the issue:
https://github.com/asigner/httpcomponents-client/commit/e2e5c422ad201fc4a4df07e05ffda522ed626008
See
http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/201802.mbox/%3cCAG5G_q+fh1p54gOO=_kln09+9rizcfxgpmfevue3iq3rp8i...@mail.gmail.com%3e
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org
