Posted to dev@hc.apache.org by "Nikhil Gahlot (Jira)" <ji...@apache.org> on 2020/08/25 13:59:00 UTC

[jira] [Created] (HTTPCLIENT-2111) DefaultHostnameVerifier fails with "doesn't match any of the subject alternative names"

Nikhil Gahlot created HTTPCLIENT-2111:
-----------------------------------------

             Summary: DefaultHostnameVerifier fails with "doesn't match any of the subject alternative names"
                 Key: HTTPCLIENT-2111
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2111
             Project: HttpComponents HttpClient
          Issue Type: Bug
    Affects Versions: 4.5.12
            Reporter: Nikhil Gahlot


In httpclient 4.5.6, DefaultHostnameVerifier explicitly checks for dots (.) in the hostname (excluding domain/sub-domain). This causes hostnames like abc.xyz.mno.pqr.dev.local to fail on a certificate with the SAN wildcard *.dev.local. I am using a certificate with CN = *.dev.local and SAN = *.dev.local. Below is the error I am getting.
{code:java}
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <abc.xyz.mno.pqr.dev.local> doesn't match any of the subject alternative names: [*.dev.local]
{code}
I tested with 4.5.12 as well as 5.0.1 but am getting the same error. Can someone recommend a good way to resolve this?

 

DefaultHostnameVerifier.matchIdentity()

{code:java}
// Additional sanity checks on content selected by wildcard can be done here
if (strict) {
    final String remainder = host.substring(
            prefix.length(), host.length() - suffix.length());
    if (remainder.contains(".")) {
        return false;
    }
}
{code}
 

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
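
Added example (not HttpClient source and not part of the original message): a simplified re-implementation of the strict check quoted above, showing that the "*" in a SAN may cover only one DNS label, the matching rule RFC 2818 and RFC 6125 describe, and which wildcard SAN would cover the reported host. The class and method names are hypothetical, and the hosts other than the reported one are constructed.

```java
import java.util.Locale;

// Illustration only: simplified strict wildcard matching, where "*" may
// stand in for (part of) a single DNS label and never for a dot.
public class StrictWildcardDemo {

    // Same idea as the quoted check: the text absorbed by "*" must not contain ".".
    static boolean matchesStrict(String host, String pattern) {
        final String h = host.toLowerCase(Locale.ROOT);
        final String p = pattern.toLowerCase(Locale.ROOT);
        final int star = p.indexOf('*');
        if (star < 0) {
            return h.equals(p); // no wildcard: exact match only
        }
        final String prefix = p.substring(0, star);
        final String suffix = p.substring(star + 1);
        if (h.length() <= prefix.length() + suffix.length()
                || !h.startsWith(prefix) || !h.endsWith(suffix)) {
            return false;
        }
        final String remainder = h.substring(
                prefix.length(), h.length() - suffix.length());
        return !remainder.contains(".");
    }

    // Wildcard SAN that covers the host under the strict rule:
    // only the left-most label is replaced by "*".
    static String coveringWildcard(String host) {
        final int dot = host.indexOf('.');
        return dot < 0 ? host : "*" + host.substring(dot);
    }

    public static void main(String[] args) {
        final String san = "*.dev.local"; // SAN from the report
        final String[] hosts = {
            "abc.dev.local",             // constructed: one label under dev.local
            "abc.xyz.mno.pqr.dev.local", // host from the report
            "dev.local"                  // constructed: the bare domain
        };
        for (String host : hosts) {
            System.out.printf("%-27s vs %s -> %b%n", host, san, matchesStrict(host, san));
        }
        // Wildcard SAN the reported host would need in its certificate.
        System.out.println(coveringWildcard("abc.xyz.mno.pqr.dev.local"));
    }
}
```

Only abc.dev.local matches *.dev.local here; the reported host would need a SAN such as *.xyz.mno.pqr.dev.local or its exact name.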
