You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/02/15 13:51:00 UTC
[jira] [Commented] (HTTPCLIENT-2047) Regression in default HTTP
Client construction for non-public hostnames
[ https://issues.apache.org/jira/browse/HTTPCLIENT-2047?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17037519#comment-17037519 ]
ASF subversion and git services commented on HTTPCLIENT-2047:
-------------------------------------------------------------
Commit 4401991d93e1c4979cf8931e343323f97c335608 in httpcomponents-client's branch refs/heads/JDK-8212885 from Oleg Kalnichevski
[ https://gitbox.apache.org/repos/asf?p=httpcomponents-client.git;h=4401991 ]
HTTPCLIENT-2047: fixed regression in DefaultHostnameVerifier causing rejection of certs with non-standard domains.
This reverts commit 87cc64fc
> Regression in default HTTP Client construction for non-public hostnames
> -----------------------------------------------------------------------
>
> Key: HTTPCLIENT-2047
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2047
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.11
> Reporter: Mike
> Priority: Major
> Labels: regression
> Fix For: 4.5.12, 5.0 Beta8
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> I believe that the result of:
>
> https://github.com/apache/httpcomponents-client/commit/b184b244ad9342a384ba87f48c6b48805a3b0f1f
> and:
> https://github.com/apache/httpcomponents-client/commit/e0416f07c344929699a2bc303eb3a049c62bd979
>
> Caused a regression which prevents non-public hostnames from validating, resulting in errors like (I have redacted hostnames as possible):
> {code:java}
> Certificate for <hostname-workspace-1.ops.domain.local> doesn't match any of the subject alternative names: [user-id-60662, hostname-workspace-1.ops.domain.local, 127.0.0.1, 10.2.243.75]
> {code}
> This is because the default value of {{ICANN}} is now supplied to the {{PublicSuffixMatcher}}, which causes it to *only* accept publicly accessible hostnames now (or so it seems).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org