You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2021/05/03 18:15:06 UTC
[httpcomponents-client] branch HTTPCLIENT-2158 created (now 37820a6)
This is an automated email from the ASF dual-hosted git repository.
olegk pushed a change to branch HTTPCLIENT-2158
in repository https://gitbox.apache.org/repos/asf/httpcomponents-client.git.
at 37820a6 HTTPCLIENT-2158: DefaultHostnameVerifier does not recognize IPv6 addresses enclosed in square brackets as valid
This branch includes the following new commits:
new 37820a6 HTTPCLIENT-2158: DefaultHostnameVerifier does not recognize IPv6 addresses enclosed in square brackets as valid
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[httpcomponents-client] 01/01: HTTPCLIENT-2158:
DefaultHostnameVerifier does not recognize IPv6 addresses enclosed in
square brackets as valid
Posted by ol...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
olegk pushed a commit to branch HTTPCLIENT-2158
in repository https://gitbox.apache.org/repos/asf/httpcomponents-client.git
commit 37820a6267debd8c38b99ddb7bda60d9582b2b55
Author: Oleg Kalnichevski <ol...@apache.org>
AuthorDate: Mon May 3 20:11:59 2021 +0200
HTTPCLIENT-2158: DefaultHostnameVerifier does not recognize IPv6 addresses enclosed in square brackets as valid
---
.../org/apache/http/conn/ssl/DefaultHostnameVerifier.java | 6 +++++-
.../apache/http/conn/ssl/TestDefaultHostnameVerifier.java | 12 ++++++++++++
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java b/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
index 18dd5dc..cfab5ac 100644
--- a/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
+++ b/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
@@ -148,7 +148,11 @@ public final class DefaultHostnameVerifier implements HostnameVerifier {
}
static void matchIPv6Address(final String host, final List<SubjectName> subjectAlts) throws SSLException {
- final String normalisedHost = normaliseAddress(host);
+ String s = host;
+ if (s.startsWith("[") && s.endsWith("]")) {
+ s = host.substring(1, host.length() - 1);
+ }
+ final String normalisedHost = normaliseAddress(s);
for (int i = 0; i < subjectAlts.size(); i++) {
final SubjectName subjectAlt = subjectAlts.get(i);
if (subjectAlt.getType() == SubjectName.IP) {
diff --git a/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java b/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
index 71bf7e0..ca008c2 100644
--- a/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
+++ b/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
@@ -398,6 +398,18 @@ public class TestDefaultHostnameVerifier {
}
@Test
+ public void testIPv6Format() throws Exception{
+ final SubjectName subjectName = SubjectName.IP("2001:0db8:aaaa:bbbb:cccc:0:0:0001");
+ DefaultHostnameVerifier.matchIPv6Address("2001:0db8:aaaa:bbbb:cccc:0:0:0001", Arrays.asList(subjectName));
+ DefaultHostnameVerifier.matchIPv6Address("[2001:0db8:aaaa:bbbb:cccc:0:0:0001]", Arrays.asList(subjectName));
+ try {
+ DefaultHostnameVerifier.matchIPv6Address("/2001:0db8:aaaa:bbbb:cccc:0:0:0001/", Arrays.asList(subjectName));
+ Assert.fail("SSLException expected");
+ } catch (final SSLException expected) {
+ }
+ }
+
+ @Test
public void testExtractCN() throws Exception {
Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("cn=blah, ou=blah, o=blah"));
Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("cn=blah, cn=yada, cn=booh"));