Posted to commits@hc.apache.org by ol...@apache.org on 2017/01/12 10:09:05 UTC
svn commit: r1778412 - in
/httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl:
DefaultHostnameVerifier.java HttpClientHostnameVerifier.java
SSLConnectionSocketFactory.java
Author: olegk
Date: Thu Jan 12 10:09:04 2017
New Revision: 1778412
URL: http://svn.apache.org/viewvc?rev=1778412&view=rev
Log:
Use extended HostnameVerifier interface that propagates detailed exception in case of hostname verification failure when available
Added:
httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java (with props)
Modified:
httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java
httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactory.java
Modified: httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java?rev=1778412&r1=1778411&r2=1778412&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java (original)
+++ httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java Thu Jan 12 10:09:04 2017
@@ -44,7 +44,6 @@ import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
-import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
@@ -64,7 +63,7 @@ import org.apache.logging.log4j.Logger;
* @since 4.4
*/
@Contract(threading = ThreadingBehavior.IMMUTABLE_CONDITIONAL)
-public final class DefaultHostnameVerifier implements HostnameVerifier {
+public final class DefaultHostnameVerifier implements HttpClientHostnameVerifier {
enum HostNameType {
@@ -105,6 +104,7 @@ public final class DefaultHostnameVerifi
}
}
+ @Override
public void verify(
final String host, final X509Certificate cert) throws SSLException {
final HostNameType hostType = determineHostFormat(host);
Added: httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java?rev=1778412&view=auto
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java (added)
+++ httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java Thu Jan 12 10:09:04 2017
@@ -0,0 +1,44 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.hc.client5.http.ssl;
+
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLException;
+
+/**
+ * Extended {@link HostnameVerifier} interface.
+ *
+ * @since 5.0
+ */
+public interface HttpClientHostnameVerifier extends HostnameVerifier {
+
+ void verify(String host, X509Certificate cert) throws SSLException;
+
+}
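Review bot: The Javadoc on `HttpClientHostnameVerifier` says only "Extended HostnameVerifier interface" and `verify(String, X509Certificate)` has no comment, so the contract is unstated even though the method returns `void` and an exception is its only failure signal. I would document the method along the lines of `/** Verifies {@code host} against {@code cert}; returns normally only on a match and throws {@link SSLException} on any mismatch. */`. The interface Javadoc should also say that implementations must keep this method consistent with the inherited `verify(String, SSLSession)`. The SSLConnectionSocketFactory hunk in this commit calls only the certificate-based method for instances of this interface, so a policy enforced solely in the boolean method would not be consulted.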
Propchange: httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactory.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactory.java?rev=1778412&r1=1778411&r2=1778412&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactory.java (original)
+++ httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactory.java Thu Jan 12 10:09:04 2017
@@ -397,7 +397,11 @@ public class SSLConnectionSocketFactory
}
}
- if (!this.hostnameVerifier.verify(hostname, session)) {
+ if (this.hostnameVerifier instanceof HttpClientHostnameVerifier) {
+ final Certificate[] certs = session.getPeerCertificates();
+ final X509Certificate x509 = (X509Certificate) certs[0];
+ ((HttpClientHostnameVerifier) this.hostnameVerifier).verify(hostname, x509);
+ } else if (!this.hostnameVerifier.verify(hostname, session)) {
final Certificate[] certs = session.getPeerCertificates();
final X509Certificate x509 = (X509Certificate) certs[0];
final List<String> subjectAlts = DefaultHostnameVerifier.extractSubjectAlts(hostname, x509);
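Review bot: The new `instanceof HttpClientHostnameVerifier` branch casts `certs[0]` to `X509Certificate` with no type check, so a peer certificate of another type would raise a `ClassCastException` instead of an `SSLException`. A guard before the cast keeps that failure on the TLS error path: `if (!(certs[0] instanceof X509Certificate)) { throw new SSLPeerUnverifiedException("Unexpected certificate type: " + certs[0].getType()); }`. The enclosing method starts and ends outside the hunk, so whether an unchecked exception here would bypass cleanup of the socket cannot be confirmed from these lines. A short comment on the new branch would also help, noting that acceptance is signalled only by `verify(hostname, x509)` returning without throwing.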