You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Ross Bender (Jira)" <ji...@apache.org> on 2020/02/27 17:21:00 UTC
[jira] [Comment Edited] (HTTPCLIENT-2047) Regression in default
HTTP Client construction for non-public hostnames
[ https://issues.apache.org/jira/browse/HTTPCLIENT-2047?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17046819#comment-17046819 ]
Ross Bender edited comment on HTTPCLIENT-2047 at 2/27/20 5:20 PM:
------------------------------------------------------------------
We got bit by this issue too, jumping from 4.5.2 -> 4.5.11. I appreciate that the issue was quickly identified and fixed in 4.5.12.
Do we know when 4.5.12 will be released (rough ETA)?
It seems like good opportunity to encourage tighter adherence to versioning standards. As [~olegk] mentioned, the bug was introduced because of feature/behavioral changes slipped in as patch version changes. If closer attention is paid to this in the future we can hopefully avoid it.
Thanks!
was (Author: ross.bender7@gmail.com):
We got bit by this issue too, jumping from 4.5.2 -> 4.5.11. I appreciate that the issue was quickly identified and fixed in 4.5.12.
It seems like good opportunity to encourage tighter adherence to versioning standards. As [~olegk] mentioned, the bug was introduced because of feature/behavioral changes slipped in as patch version changes. If closer attention is paid to this in the future we can hopefully avoid it.
Thanks!
> Regression in default HTTP Client construction for non-public hostnames
> -----------------------------------------------------------------------
>
> Key: HTTPCLIENT-2047
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2047
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.11
> Reporter: Mike
> Priority: Major
> Labels: regression
> Fix For: 4.5.12, 5.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> I believe that the result of:
>
> https://github.com/apache/httpcomponents-client/commit/b184b244ad9342a384ba87f48c6b48805a3b0f1f
> and:
> https://github.com/apache/httpcomponents-client/commit/e0416f07c344929699a2bc303eb3a049c62bd979
>
> Caused a regression which prevents non-public hostnames from validating, resulting in errors like (I have redacted hostnames as possible):
> {code:java}
> Certificate for <hostname-workspace-1.ops.domain.local> doesn't match any of the subject alternative names: [user-id-60662, hostname-workspace-1.ops.domain.local, 127.0.0.1, 10.2.243.75]
> {code}
> This is because the default value of {{ICANN}} is now supplied to the {{PublicSuffixMatcher}}, which causes it to *only* accept publicly accessible hostnames now (or so it seems).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org