Posted to dev@hc.apache.org by Axel Rezé <ax...@live.fr> on 2019/11/26 16:51:20 UTC

[BUG] - Unusable wildcard detection in httpcomponents matchIdentity

Hi everyone,

I'm working on a new project using a Java 8 context with Spring Boot. We are working in secured environments using SSL certification, but I have some trouble with the wildcards! I'm working with the library 4.5.9.

The method "matchIdentity" in the "DefaultHostnameVerifier" has a problem.


static boolean matchDomainRoot(final String host, final String domainRoot) {
    if (domainRoot == null) {
        return false;
    }
    return host.endsWith(domainRoot) && (host.length() == domainRoot.length()
            || host.charAt(host.length() - domainRoot.length() - 1) == '.');
}

"host.endsWith(domainRoot)" is done before the wildcard treatment, so no match is found and an error is thrown later in the process.

Let me explain:
url "xxx.yyy.zzz"
in certificate "*.yyy.zzz"

endsWith is trying to check: does "xxx.yyy.zzz" end with "*.yyy.zzz"?
But it doesn't, because the wildcard wasn't taken off.

I haven't seen any bugs for this, so I am sending this mail to confirm whether it is a bug and to ask for a correction if it is!

Thankfully,
Axel.


Re: [BUG] - Unusable wildcard detection in httpcomponents matchIdentity

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Tue, 2019-11-26 at 17:03 +0000, Axel Rezé wrote:
> Hi everyone,
> 
> I'm working on a new project using a Java 8 context with Spring Boot.
> We are working in secured environments using SSL certification, but I
> have some trouble with the wildcards! I'm working with the library 4.5.9.
> 
> The method "matchIdentity" in the "DefaultHostnameVerifier" has a
> problem.
> 
> 
> static boolean matchDomainRoot(final String host, final String domainRoot) {
>     if (domainRoot == null) {
>         return false;
>     }
>     return host.endsWith(domainRoot) && (host.length() == domainRoot.length()
>             || host.charAt(host.length() - domainRoot.length() - 1) == '.');
> }
> 
> "host.endsWith(domainRoot)" is done before the wildcard treatment, so no
> match is found and an error is thrown later in the process. It is
> happening when we have publicSuffixMatcher :)
> 
> Let me explain:
> url "xxx.yyy.zzz"
> in certificate "*.yyy.zzz"
> 
> endsWith is trying to check: does "xxx.yyy.zzz" end with "*.yyy.zzz"?
> But it doesn't, because the wildcard wasn't taken off.
> 
> I haven't seen any bugs for this, so I am sending this mail to
> confirm whether it is a bug and to ask for a correction if it is!
> 
> Thankfully,
> Axel.
> 

Hi Axel

Please reproduce the issue you see as a bug with a unit test similar to
those found in this class

https://github.com/apache/httpcomponents-client/blob/4.5.x/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java

Oleg





[BUG] - Unusable wildcard detection in httpcomponents matchIdentity

Posted by Axel Rezé <ax...@live.fr>.
Hi everyone,

I'm working on a new project using a Java 8 context with Spring Boot. We are working in secured environments using SSL certification, but I have some trouble with the wildcards! I'm working with the library 4.5.9.

The method "matchIdentity" in the "DefaultHostnameVerifier" has a problem.


static boolean matchDomainRoot(final String host, final String domainRoot) {
    if (domainRoot == null) {
        return false;
    }
    return host.endsWith(domainRoot) && (host.length() == domainRoot.length()
            || host.charAt(host.length() - domainRoot.length() - 1) == '.');
}

"host.endsWith(domainRoot)" is done before the wildcard treatment, so no match is found and an error is thrown later in the process. It is happening when we have publicSuffixMatcher :)

Let me explain:
url "xxx.yyy.zzz"
in certificate "*.yyy.zzz"

endsWith is trying to check: does "xxx.yyy.zzz" end with "*.yyy.zzz"?
But it doesn't, because the wildcard wasn't taken off.

I haven't seen any bugs for this, so I am sending this mail to confirm whether it is a bug and to ask for a correction if it is!

Thankfully,
Axel.
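
Added example, not part of any message in this thread and not HttpClient's own code: the helper quoted above, run stand-alone on the host and certificate name from the report, next to a hypothetical matchLeftmostWildcard that compares a left-most-label wildcard. The class name, matchLeftmostWildcard, check and every input other than "xxx.yyy.zzz" and "*.yyy.zzz" are assumptions made for illustration.

```java
public class MatchDomainRootDemo {

    // Copied from the thread: the helper quoted from DefaultHostnameVerifier.
    static boolean matchDomainRoot(final String host, final String domainRoot) {
        if (domainRoot == null) {
            return false;
        }
        return host.endsWith(domainRoot) && (host.length() == domainRoot.length()
                || host.charAt(host.length() - domainRoot.length() - 1) == '.');
    }

    // Hypothetical helper, not the library's code: handles a certificate name
    // whose wildcard is the whole left-most label, e.g. "*.yyy.zzz".
    static boolean matchLeftmostWildcard(final String host, final String identity) {
        if (!identity.startsWith("*.")) {
            return host.equalsIgnoreCase(identity);
        }
        final String suffix = identity.substring(1); // ".yyy.zzz"
        final int labelLen = host.length() - suffix.length();
        if (labelLen <= 0 || !host.regionMatches(true, labelLen, suffix, 0, suffix.length())) {
            return false;
        }
        // The wildcard stands for exactly one label, so no dot may fall inside it.
        return host.indexOf('.') == labelLen;
    }

    static void check(final String what, final boolean actual, final boolean expected) {
        if (actual != expected) {
            throw new AssertionError(what + ": expected " + expected + ", got " + actual);
        }
        System.out.println(what + " -> " + actual);
    }

    public static void main(final String[] args) {
        final String host = "xxx.yyy.zzz";   // host from the thread
        final String identity = "*.yyy.zzz"; // certificate name from the thread

        // Case described in the thread: the wildcard name itself is the suffix.
        check("root=*.yyy.zzz", matchDomainRoot(host, identity), false);
        // Constructed input: a suffix with the wildcard label removed.
        check("root=yyy.zzz", matchDomainRoot(host, "yyy.zzz"), true);
        // The charAt(...) == '.' guard: the suffix must start at a label boundary.
        check("label boundary", matchDomainRoot("xxxyyy.zzz", "yyy.zzz"), false);
        // Wildcard-aware comparison of the thread's pair, one label only.
        check("wildcard", matchLeftmostWildcard(host, identity), true);
        check("two labels", matchLeftmostWildcard("a.xxx.yyy.zzz", identity), false);
    }
}
```

The third check shows why the helper tests for a '.' before the suffix: without it, a host that merely ends in the same characters as the domain root would pass.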