Posted to dev@hc.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/02/15 13:51:00 UTC

[jira] [Commented] (HTTPCLIENT-2047) Regression in default HTTP Client construction for non-public hostnames

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-2047?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17037519#comment-17037519 ] 

ASF subversion and git services commented on HTTPCLIENT-2047:
-------------------------------------------------------------

Commit 4401991d93e1c4979cf8931e343323f97c335608 in httpcomponents-client's branch refs/heads/JDK-8212885 from Oleg Kalnichevski
[ https://gitbox.apache.org/repos/asf?p=httpcomponents-client.git;h=4401991 ]

HTTPCLIENT-2047: fixed regression in DefaultHostnameVerifier causing rejection of certs with non-standard domains.

This reverts commit 87cc64fc


> Regression in default HTTP Client construction for non-public hostnames
> -----------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-2047
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2047
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 4.5.11
>            Reporter: Mike
>            Priority: Major
>              Labels: regression
>             Fix For: 4.5.12, 5.0 Beta8
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> I believe that the result of:
>  
> https://github.com/apache/httpcomponents-client/commit/b184b244ad9342a384ba87f48c6b48805a3b0f1f
> and:
> https://github.com/apache/httpcomponents-client/commit/e0416f07c344929699a2bc303eb3a049c62bd979
>  
> caused a regression which prevents non-public hostnames from validating, resulting in errors like (I have redacted hostnames where possible):
> {code:java}
> Certificate for <hostname-workspace-1.ops.domain.local> doesn't match any of the subject alternative names: [user-id-60662, hostname-workspace-1.ops.domain.local, 127.0.0.1, 10.2.243.75]
>  {code}
> This is because the default value of {{ICANN}} is now supplied to the {{PublicSuffixMatcher}}, which causes it to *only* accept publicly accessible hostnames now (or so it seems).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
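
A simplified model of the failure the report above describes, added here as an illustration; it is not HttpClient's code. The `ICANN` set, the `icannOnly` flag and all method names are assumptions of the model, as is the fallback to the last label for names with no listed suffix.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class SuffixGatedMatch {
    // Constructed stand-in for the ICANN section of a public suffix list.
    static final Set<String> ICANN = new HashSet<>(Arrays.asList("com", "org", "co.uk"));

    // Registrable domain of a name: the longest listed suffix plus one label.
    // With icannOnly set, a name under no listed suffix has no root (null);
    // otherwise the model falls back to the last label, so "local" still yields a root.
    static String domainRoot(String name, boolean icannOnly) {
        String[] labels = name.toLowerCase(Locale.ROOT).split("\\.");
        for (int i = 1; i < labels.length; i++) {
            String suffix = String.join(".", Arrays.copyOfRange(labels, i, labels.length));
            if (ICANN.contains(suffix)) {
                return labels[i - 1] + "." + suffix;
            }
        }
        return icannOnly ? null : labels[labels.length - 1];
    }

    // The domain-root gate runs before the names are compared, so a missing
    // root rejects even a SAN that is identical to the requested host.
    static boolean matches(String host, String san, boolean icannOnly) {
        String root = domainRoot(san, icannOnly);
        String h = host.toLowerCase(Locale.ROOT);
        if (root == null || !(h.equals(root) || h.endsWith("." + root))) {
            return false;
        }
        return h.equals(san.toLowerCase(Locale.ROOT));
    }

    static boolean verify(String host, List<String> sans, boolean icannOnly) {
        for (String san : sans) {
            if (matches(host, san, icannOnly)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        String host = "hostname-workspace-1.ops.domain.local"; // redacted name from the report
        List<String> sans = Arrays.asList("user-id-60662", host); // DNS entries from the error
        System.out.println("internal host, ICANN-only gate: " + verify(host, sans, true));
        System.out.println("internal host, fallback gate:   " + verify(host, sans, false));
        System.out.println("public host, ICANN-only gate:   "
                + verify("www.example.org", Arrays.asList("www.example.org"), true));
    }
}
```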
