Posted to dev@hc.apache.org by "Karl Wright (JIRA)" <ji...@apache.org> on 2012/12/12 20:00:19 UTC

[jira] [Created] (HTTPCLIENT-1275) AllowAllHostnameVerifier does not prevent SSL handshake verification errors

Karl Wright created HTTPCLIENT-1275:
---------------------------------------

             Summary: AllowAllHostnameVerifier does not prevent SSL handshake verification errors
                 Key: HTTPCLIENT-1275
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1275
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpConn
    Affects Versions: 4.2.2
            Reporter: Karl Wright
            Assignee: Karl Wright
             Fix For: 4.2.3


In debugging unverified SSL connections for the ManifoldCF RSS connector, I discovered that even with AllowAllHostnameVerifier(), which supposedly shuts down SSL hostname verification, the SSLSession method getPeerCertificates() can cause an exception anyway, before the overridden method is called, because peer authentication has not yet occurred.

See CONNECTORS-579 for details, and for the exact trace.

I'm also looking for suggestions as to how to properly fix this.  One possibility would be to catch the exception and pass null for the peer certs to the verify method.  Since that loses the exception, though, it might be better to change the method signature of the overridden verify() method and include an Exception object, which could get rethrown if needed.

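The second option in the report (hand the failure to the verifier instead of losing it) can be sketched with plain JSSE types. This is an added example, not code from HttpClient or from the reporter; `CertVerifier`, `verifySession`, `STRICT`, `unauthenticatedSession` and the host `example.invalid` are hypothetical names, and the session is a constructed stand-in that behaves like one whose peer was never authenticated.

```java
import java.lang.reflect.Proxy;
import java.security.cert.Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public class PeerUnverifiedDemo {
    // Hypothetical callback shape (not HttpClient's API): the verifier gets either
    // the peer certificates or the exception that prevented reading them.
    interface CertVerifier {
        void verify(String host, Certificate[] peerCerts, SSLPeerUnverifiedException cause)
                throws SSLException;
    }

    // Query the session once and capture the failure, so it cannot escape
    // before the configured verifier has been consulted.
    static void verifySession(String host, SSLSession session, CertVerifier verifier)
            throws SSLException {
        Certificate[] certs = null;
        SSLPeerUnverifiedException cause = null;
        try {
            certs = session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            cause = e;
        }
        verifier.verify(host, certs, cause);
    }

    // Strict policy: rethrow the original exception so the diagnosis is preserved.
    static final CertVerifier STRICT = (host, certs, cause) -> {
        if (cause != null) throw cause;
        if (certs == null || certs.length == 0)
            throw new SSLException("no peer certificates for " + host);
        // Matching the hostname against the leaf certificate would follow here.
    };

    // Constructed stand-in: only getPeerCertificates() is exercised, and it fails
    // the way JSSE does when peer authentication has not occurred.
    static SSLSession unauthenticatedSession() {
        return (SSLSession) Proxy.newProxyInstance(
            PeerUnverifiedDemo.class.getClassLoader(), new Class<?>[] {SSLSession.class},
            (proxy, method, args) -> {
                if (method.getName().equals("getPeerCertificates"))
                    throw new SSLPeerUnverifiedException("peer not authenticated");
                return null;
            });
    }

    public static void main(String[] args) {
        try { verifySession("example.invalid", unauthenticatedSession(), STRICT); }
        catch (SSLException e) { System.out.println("verifier saw: " + e); }
    }
}
```

Passing `null` certificates without the `cause` argument, the first option in the report, would leave the strict verifier able to report only that certificates were missing, not why.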