Could you try with a more recent version of CXF than 3.0.7? I have a feeling that issue was subsequently fixed.

Colm.

On Fri, Jun 2, 2017 at 12:06 PM, Thomas Wilkin <[email protected]> wrote:

> Hi,
>
> I am using the CXF library (version 3.0.7) to communicate with SSL
> protected web service end points inside my organisation. However when I try
> and connect to them I am getting an error message due to hostname
> verification. I have looked into the code and I have identified the failure
> is being caused by the check on the result of the "countDots" method as
> follows:
>
>     if (strict && countDots(identity) != countDots(domainRoot)) {
>         return false;
>     }
>
> In my case the identity variable follows this pattern:
>     hostname.windows_domain.my_company.com
> The domainRoot variable follows this pattern:
>     .my_company.com
> The failure is happening because the former contains 3 dots and the latter
> contains just 2.
>
> Is there any way I can prevent it from performing the strict check, and
> not take this code path?
>
> My stack trace is as follows:
>
>     DefaultHostnameVerifier.matchIdentity(String, String, PublicSuffixMatcher, Boolean) line:182
>     DefaultHostnameVerifier.matchIdentityStrict(String, String, PublicSuffixMatcher) line: 241
>     DefaultHostnameVerifier.matchDNSName(String, List<String>, PublicSuffixMatcher) line: 148
>     DefaultHostnameVerifier.verify(String, X509Certificate) line: 103
>     DefaultHostnameVerifier.verify(String, SSLSession) line: 81
>     AsyncHTTPConduit$AsyncWrappedOutputStream$5.verifySession(HttpHost, IOSession, SSLSession) line: 536
>     SSLIOSessionStrategy$1.verify(IOSession, SSLSession) line: 140
>
> As you can see the Boolean for the strict check is not something I seem
> to have any control over as the "matchIdentityStrict" method is called by
> "matchDNSName" directly.
>
> Regards,
> Tom
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
