You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Gus Power (JIRA)" <ji...@apache.org> on 2011/08/24 14:19:29 UTC
[jira] [Created] (HTTPCLIENT-1119) Server Name Indication (SNI)
Support
Server Name Indication (SNI) Support
------------------------------------
Key: HTTPCLIENT-1119
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1119
Project: HttpComponents HttpClient
Issue Type: Improvement
Components: HttpClient
Reporter: Gus Power
Provide support for Server Name Indication (SNI) support as per RFC 3546 (section 3.1).
Currently attempting to connect to SNI enabled host 'expectedhost' over SSL using http client results in an SSLException similar to:
javax.net.ssl.SSLException: hostname in certificate didn't match: <expectedhost> != <defaulthost>
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
We use SNI on some of our environments and were trying to use httpclient to automatically test host access and availability.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1119) Server Name Indication (SNI)
Support
Posted by "Michael Locher (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1119?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Locher updated HTTPCLIENT-1119:
---------------------------------------
Attachment: HTTPCLIENT-1119-support-SNI-on-Java-7-via-setHost-of.patch
Support SNI on JDK 7 via reflective call to #setHost on concrete the SSLSocket instance.
sun.net.www.protocol.https.HttpsClient takes the same approach.
https://github.com/cmbntr/httpclient/commit/1f9898495624dbd10d5c12ae4e0ea9ea50071c85
> Server Name Indication (SNI) Support
> ------------------------------------
>
> Key: HTTPCLIENT-1119
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpClient
> Reporter: Gus Power
> Labels: sni, ssl, tls, vhost
> Fix For: Future
>
> Attachments: HTTPCLIENT-1119-support-SNI-on-Java-7-via-setHost-of.patch
>
>
> Provide support for Server Name Indication (SNI) support as per RFC 3546 (section 3.1).
> Currently attempting to connect to SNI enabled host 'expectedhost' over SSL using http client results in an SSLException similar to:
> javax.net.ssl.SSLException: hostname in certificate didn't match: <expectedhost> != <defaulthost>
> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
> We use SNI on some of our environments and were trying to use httpclient to automatically test host access and availability.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1119) Server Name Indication (SNI)
Support
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1119?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski updated HTTPCLIENT-1119:
------------------------------------------
Fix Version/s: Future
We happily take contributions.
Oleg
> Server Name Indication (SNI) Support
> ------------------------------------
>
> Key: HTTPCLIENT-1119
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpClient
> Reporter: Gus Power
> Labels: sni, ssl, tls, vhost
> Fix For: Future
>
>
> Provide support for Server Name Indication (SNI) support as per RFC 3546 (section 3.1).
> Currently attempting to connect to SNI enabled host 'expectedhost' over SSL using http client results in an SSLException similar to:
> javax.net.ssl.SSLException: hostname in certificate didn't match: <expectedhost> != <defaulthost>
> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
> We use SNI on some of our environments and were trying to use httpclient to automatically test host access and availability.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1119) Server Name Indication (SNI)
Support
Posted by "Alin Vasile (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13092433#comment-13092433 ]
Alin Vasile commented on HTTPCLIENT-1119:
-----------------------------------------
Can httpclient support this, since Java 1.5 & 1.6 don't support SNI?
> Server Name Indication (SNI) Support
> ------------------------------------
>
> Key: HTTPCLIENT-1119
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpClient
> Reporter: Gus Power
> Labels: sni, ssl, tls, vhost
> Fix For: Future
>
>
> Provide support for Server Name Indication (SNI) support as per RFC 3546 (section 3.1).
> Currently attempting to connect to SNI enabled host 'expectedhost' over SSL using http client results in an SSLException similar to:
> javax.net.ssl.SSLException: hostname in certificate didn't match: <expectedhost> != <defaulthost>
> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
> We use SNI on some of our environments and were trying to use httpclient to automatically test host access and availability.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1119) Server Name Indication (SNI)
Support
Posted by "Gary Gregory (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13487813#comment-13487813 ]
Gary Gregory commented on HTTPCLIENT-1119:
------------------------------------------
I'm with Oleg, I'm not crazy about the reflection aspect.
> Server Name Indication (SNI) Support
> ------------------------------------
>
> Key: HTTPCLIENT-1119
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpClient
> Reporter: Gus Power
> Labels: sni, ssl, tls, vhost
> Fix For: Future
>
> Attachments: HTTPCLIENT-1119-support-SNI-on-Java-7-via-setHost-of.patch
>
>
> Provide support for Server Name Indication (SNI) support as per RFC 3546 (section 3.1).
> Currently attempting to connect to SNI enabled host 'expectedhost' over SSL using http client results in an SSLException similar to:
> javax.net.ssl.SSLException: hostname in certificate didn't match: <expectedhost> != <defaulthost>
> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
> We use SNI on some of our environments and were trying to use httpclient to automatically test host access and availability.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1119) Server Name Indication (SNI)
Support
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13487695#comment-13487695 ]
Oleg Kalnichevski commented on HTTPCLIENT-1119:
-----------------------------------------------
Hi Michael
It is a good quality patch, no doubt. But I am somewhat reluctant to include a fairly substantial piece of JRE specific code through reflection, given it is quite trivial to plug in that code through a custom hostname verifier. If the SNI support is critical enough we should consider writing proper RFC 3546 implementation in order to support all JRE platforms HttpClient can run on.
Oleg
> Server Name Indication (SNI) Support
> ------------------------------------
>
> Key: HTTPCLIENT-1119
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpClient
> Reporter: Gus Power
> Labels: sni, ssl, tls, vhost
> Fix For: Future
>
> Attachments: HTTPCLIENT-1119-support-SNI-on-Java-7-via-setHost-of.patch
>
>
> Provide support for Server Name Indication (SNI) support as per RFC 3546 (section 3.1).
> Currently attempting to connect to SNI enabled host 'expectedhost' over SSL using http client results in an SSLException similar to:
> javax.net.ssl.SSLException: hostname in certificate didn't match: <expectedhost> != <defaulthost>
> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
> We use SNI on some of our environments and were trying to use httpclient to automatically test host access and availability.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org