You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2007/10/11 11:19:45 UTC
svn commit: r583749 -
/jakarta/httpcomponents/httpclient/trunk/module-client/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
Author: olegk
Date: Thu Oct 11 02:19:45 2007
New Revision: 583749
URL: http://svn.apache.org/viewvc?rev=583749&view=rev
Log:
HTTPCLIENT-617: Hostname verification: turn off wildcards when CN is an IP address
Contributed by Julius Davies <juliusdavies at gmail.com>
Reviewed by Oleg Kalnichevski
Modified:
jakarta/httpcomponents/httpclient/trunk/module-client/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
Modified: jakarta/httpcomponents/httpclient/trunk/module-client/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
URL: http://svn.apache.org/viewvc/jakarta/httpcomponents/httpclient/trunk/module-client/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java?rev=583749&r1=583748&r2=583749&view=diff
==============================================================================
--- jakarta/httpcomponents/httpclient/trunk/module-client/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java (original)
+++ jakarta/httpcomponents/httpclient/trunk/module-client/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java Thu Oct 11 02:19:45 2007
@@ -31,6 +31,8 @@
package org.apache.http.conn.ssl;
+import org.apache.http.conn.util.InetAddressUtils;
+
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.Certificate;
@@ -195,7 +197,8 @@
// [*.org.uk], etc...
boolean doWildcard = cn.startsWith("*.") &&
cn.lastIndexOf('.') >= 0 &&
- acceptableCountryWildcard(cn);
+ acceptableCountryWildcard(cn) &&
+ !InetAddressUtils.isIPv4Address(host);
if(doWildcard) {
match = hostName.endsWith(cn.substring(1));