You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by Oleg Kalnichevski <ol...@apache.org> on 2014/08/09 14:56:41 UTC

Re: svn commit: r1616758

On Sat, 2014-08-09 at 13:44 +0100, sebb wrote:
> On 8 August 2014 15:00,  <ol...@apache.org> wrote:
> > Author: olegk
> > Date: Fri Aug  8 14:00:55 2014
> > New Revision: 1616758
> >
> > URL: http://svn.apache.org/r1616758
> > Log:
> >  Deprecated X509HostnameVerifier interface in favor of standard javax.net.ssl.HostnameVerifier

...

> >      private void verifyHostname(final SSLSocket sslsock, final String hostname) throws IOException {
> >          try {
> > -            this.hostnameVerifier.verify(hostname, sslsock);
> > +            SSLSession session = sslsock.getSession();
> > +            if (session == null) {
> > +                // In our experience this only happens under IBM 1.4.x when
> 
> So is this still needed, given that HC requires 1.5+ now?
> 

We are even 1.6+ in trunk. I simply do not know whether or not it is
still need. Doing #available on input string is pretty cheap, however.
If it can help in some cases, why not?

> 
> > +                // spurious (unrelated) certificates show up in the server'
> > +                // chain.  Hopefully this will unearth the real problem:
> > +                final InputStream in = sslsock.getInputStream();
> > +                in.available();
> > +                // If ssl.getInputStream().available() didn't cause an
> > +                // exception, maybe at least now the session is available?
> > +                session = sslsock.getSession();

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org