Posted to dev@hc.apache.org by Axel Rezé <ax...@live.fr> on 2019/11/26 16:51:20 UTC
[BUG] - Unusable wildcard detection in httpcomponents matchIdentity
Hi everyone,
I'm working on a new project using a Java 8 context with Spring Boot. We are working in secured environments using SSL certification, but I have some trouble with the wildcards! I'm working with version 4.5.9 of the library.
The method "matchIdentity" in "DefaultHostnameVerifier" has a problem.
    static boolean matchDomainRoot(final String host, final String domainRoot) {
        if (domainRoot == null) {
            return false;
        }
        return host.endsWith(domainRoot) && (host.length() == domainRoot.length()
                || host.charAt(host.length() - domainRoot.length() - 1) == '.');
    }
"host.endsWith(domainRoot)" is done before the wildcard treatment, so no match is found and an error is thrown later in the process.
Let me explain:
url "xxx.yyy.zzz"
in certificate "*.yyy.zzz"
endsWith is trying to check: does "xxx.yyy.zzz" end with "*.yyy.zzz"?
But it doesn't, because the wildcard wasn't taken off.
I haven't seen any bugs for this, so I am sending this mail to confirm whether it is a bug and to ask for a correction if it is!
Thanks,
Axel.
Re: [BUG] - Unusable wildcard detection in httpcomponents matchIdentity
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Tue, 2019-11-26 at 17:03 +0000, Axel Rezé wrote:
> Hi everyone,
>
> I'm working on a new project using a Java 8 context with Spring Boot.
> We are working in secured environments using SSL certification, but I
> have some trouble with the wildcards! I'm working with version 4.5.9
> of the library.
>
> The method "matchIdentity" in "DefaultHostnameVerifier" has a
> problem.
>
>
>     static boolean matchDomainRoot(final String host, final String domainRoot) {
>         if (domainRoot == null) {
>             return false;
>         }
>         return host.endsWith(domainRoot) && (host.length() == domainRoot.length()
>                 || host.charAt(host.length() - domainRoot.length() - 1) == '.');
>     }
>
> "host.endsWith(domainRoot)" is done before the wildcard treatment, so
> no match is found and an error is thrown later in the process. It
> happens when we have a publicSuffixMatcher :)
>
> Let me explain:
> url "xxx.yyy.zzz"
> in certificate "*.yyy.zzz"
>
> endsWith is trying to check: does "xxx.yyy.zzz" end with "*.yyy.zzz"?
> But it doesn't, because the wildcard wasn't taken off.
>
> I haven't seen any bugs for this, so I am sending this mail to
> confirm whether it is a bug and to ask for a correction if it is!
>
> Thanks,
> Axel.
>
Hi Axel
Please reproduce the issue you see as a bug with a unit test similar to
those found in this class
https://github.com/apache/httpcomponents-client/blob/4.5.x/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
Oleg
[BUG] - Unusable wildcard detection in httpcomponents matchIdentity
Posted by Axel Rezé <ax...@live.fr>.
Hi everyone,
I'm working on a new project using a Java 8 context with Spring Boot. We are working in secured environments using SSL certification, but I have some trouble with the wildcards! I'm working with version 4.5.9 of the library.
The method "matchIdentity" in "DefaultHostnameVerifier" has a problem.
    static boolean matchDomainRoot(final String host, final String domainRoot) {
        if (domainRoot == null) {
            return false;
        }
        return host.endsWith(domainRoot) && (host.length() == domainRoot.length()
                || host.charAt(host.length() - domainRoot.length() - 1) == '.');
    }
"host.endsWith(domainRoot)" is done before the wildcard treatment, so no match is found and an error is thrown later in the process. It happens when we have a publicSuffixMatcher :)
Let me explain:
url "xxx.yyy.zzz"
in certificate "*.yyy.zzz"
endsWith is trying to check: does "xxx.yyy.zzz" end with "*.yyy.zzz"?
But it doesn't, because the wildcard wasn't taken off.
I haven't seen any bugs for this, so I am sending this mail to confirm whether it is a bug and to ask for a correction if it is!
Thanks,
Axel.
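
An added example, not part of the thread and not HttpClient's own test code: the "matchDomainRoot" method quoted in the mail, run stand-alone over constructed inputs to show that it is a label-boundary suffix test, next to a hypothetical "matchLeftmostWildcard" helper (an assumption for illustration) that takes the asterisk off before comparing. Which value the library passes as "domainRoot" is not shown on this page.

```java
// Added example. Only matchDomainRoot comes from the mail; the rest is illustrative.
public class DomainRootCheck {

    // Copied from the message: suffix test that must land on a label boundary.
    static boolean matchDomainRoot(final String host, final String domainRoot) {
        if (domainRoot == null) {
            return false;
        }
        return host.endsWith(domainRoot) && (host.length() == domainRoot.length()
                || host.charAt(host.length() - domainRoot.length() - 1) == '.');
    }

    // Hypothetical helper (assumption, not library code): a certificate name whose
    // left-most label is exactly "*" matches exactly one non-empty host label.
    static boolean matchLeftmostWildcard(final String host, final String identity) {
        if (!identity.startsWith("*.")) {
            return host.equalsIgnoreCase(identity);
        }
        final String suffix = identity.substring(1);   // "*.yyy.zzz" -> ".yyy.zzz"
        final int off = host.length() - suffix.length();
        if (off <= 0 || !host.regionMatches(true, off, suffix, 0, suffix.length())) {
            return false;
        }
        return host.indexOf('.') == off;               // the wildcard covers one label only
    }

    static void expect(final String what, final boolean got, final boolean want) {
        System.out.println(what + " = " + got);
        if (got != want) {
            throw new AssertionError(what + ": expected " + want);
        }
    }

    public static void main(final String[] args) {
        final String host = "xxx.yyy.zzz";             // host name from the mail
        // Constructed domainRoot candidates for the method quoted in the mail.
        expect("root *.yyy.zzz", matchDomainRoot(host, "*.yyy.zzz"), false); // literal '*'
        expect("root yyy.zzz", matchDomainRoot(host, "yyy.zzz"), true);      // label boundary
        expect("root yy.zzz", matchDomainRoot(host, "yy.zzz"), false);       // splits a label
        expect("root xxx.yyy.zzz", matchDomainRoot(host, host), true);       // identical
        expect("root null", matchDomainRoot(host, null), false);
        // Wildcard comparison as a separate step, with the asterisk removed first.
        expect("wild xxx.yyy.zzz", matchLeftmostWildcard(host, "*.yyy.zzz"), true);
        expect("wild a.xxx.yyy.zzz", matchLeftmostWildcard("a.xxx.yyy.zzz", "*.yyy.zzz"), false);
        expect("wild yyy.zzz", matchLeftmostWildcard("yyy.zzz", "*.yyy.zzz"), false);
    }
}
```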