You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Andriy Redko (Jira)" <ji...@apache.org> on 2021/01/28 02:38:00 UTC
[jira] [Commented] (CXF-8415) DefaultHostnameVerifier fails with
HttpCore NIO
[ https://issues.apache.org/jira/browse/CXF-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17273265#comment-17273265 ]
Andriy Redko commented on CXF-8415:
-----------------------------------
[~ffang] do you recall this change? I am wondering if throwing an exception is the way to go (since `verify` never returns `false` in fact), thank you.
> DefaultHostnameVerifier fails with HttpCore NIO
> -----------------------------------------------
>
> Key: CXF-8415
> URL: https://issues.apache.org/jira/browse/CXF-8415
> Project: CXF
> Issue Type: Bug
> Affects Versions: 3.4.1
> Environment: CXF version 3.4.1
> httpcore-nio version 4.4.13
> httpasyncclient version 4.1.4
> Reporter: Per-Ivar Bakke
> Priority: Major
>
> DefaultHostnameVerifier throws RuntimeException causing the IOReactor in HttpCore NIO to die. I have registered an issue on Apache HttpCore NIO HTTPCORE-660, but I really think this should be fixed in CXF.
> Please not that the [line in question|https://github.com/apache/cxf/blob/master/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java#L98] was changed from returning false to throwing RuntimeException as part of [CXF-7876|https://issues.apache.org/jira/browse/CXF-7876]. But, maybe a better approach would be to not catch the SSLException. This will not kill the IOReactor in HttpCore NIO.
> *Steps to reproduce*
> # Configure CXF to use [asynchronous client http transport|https://cxf.apache.org/docs/asynchronous-client-http-transport.html]
> # Test towards a server having a certificate with non-matching host (for instance [wrong.host.badssl.com|https://wrong.host.badssl.com/])
--
This message was sent by Atlassian Jira
(v8.3.4#803005)