You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2006/12/08 17:07:22 UTC
[jira] Resolved: (HTTPCLIENT-613) https should check CN of x509
cert
[ http://issues.apache.org/jira/browse/HTTPCLIENT-613?page=all ]
Oleg Kalnichevski resolved HTTPCLIENT-613.
------------------------------------------
Resolution: Fixed
> https should check CN of x509 cert
> ----------------------------------
>
> Key: HTTPCLIENT-613
> URL: http://issues.apache.org/jira/browse/HTTPCLIENT-613
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: Nightly Builds
> Reporter: Julius Davies
> Priority: Critical
> Fix For: 4.0 Alpha 1
>
> Attachments: SSLSocketFactory.patch, SSLSocketFactory_best.patch, SSLSocketFactory_improved.patch
>
>
> https should check CN of x509 cert
> Since we're essentially rolling our own "HttpsURLConnection", the checking provided by "javax.net.ssl.HostnameVerifier" is no longer in place.
> I have a patch I'm about to attach which caused both createSocket() methods on o.a.h.conn.ssl.SSLSocketFactory to blowup:
> test1: javax.net.ssl.SSLException: hostname in certificate didn't match: <vancity.com> != <www.vancity.com>
> test2: javax.net.ssl.SSLException: hostname in certificate didn't match: <vancity.com> != <www.vancity.com>
> Hopefully people agree that this is desirable.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org