You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Sidney Beekhoven (JIRA)" <ji...@apache.org> on 2013/10/02 15:04:24 UTC

[jira] [Created] (HTTPCLIENT-1409) AbstractVerifier.acceptableCountryWildcard check not strict enough

Sidney Beekhoven created HTTPCLIENT-1409:
--------------------------------------------

             Summary: AbstractVerifier.acceptableCountryWildcard check not strict enough
                 Key: HTTPCLIENT-1409
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1409
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.3 Final
            Reporter: Sidney Beekhoven


I work at a company called info.nl in the Netherlands, so our domain is info.nl. We have a wildcard certificate in use for several services, *.info.nl.

The AbstractVerifier has a method acceptableCountryWildcard which checks that you don't use eg *.co.uk as the wildcard in the certificate. The second to last domain part is checked against a fixed list, which includes info so our wildcard is not accepted.

Apparantly there are some countries where info.<countrycode> is seen as a top level domain but that is not the case for the netherlands. So the check on this is not strict enough and should also take into account the top level domain.




--
This message was sent by Atlassian JIRA
(v6.1#6144)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org