You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2021/05/03 18:15:07 UTC

[httpcomponents-client] 01/01: HTTPCLIENT-2158: DefaultHostnameVerifier does not recognize IPv6 addresses enclosed in square brackets as valid

This is an automated email from the ASF dual-hosted git repository.

olegk pushed a commit to branch HTTPCLIENT-2158
in repository https://gitbox.apache.org/repos/asf/httpcomponents-client.git

commit 37820a6267debd8c38b99ddb7bda60d9582b2b55
Author: Oleg Kalnichevski <ol...@apache.org>
AuthorDate: Mon May 3 20:11:59 2021 +0200

    HTTPCLIENT-2158: DefaultHostnameVerifier does not recognize IPv6 addresses enclosed in square brackets as valid
---
 .../org/apache/http/conn/ssl/DefaultHostnameVerifier.java    |  6 +++++-
 .../apache/http/conn/ssl/TestDefaultHostnameVerifier.java    | 12 ++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java b/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
index 18dd5dc..cfab5ac 100644
--- a/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
+++ b/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
@@ -148,7 +148,11 @@ public final class DefaultHostnameVerifier implements HostnameVerifier {
     }
 
     static void matchIPv6Address(final String host, final List<SubjectName> subjectAlts) throws SSLException {
-        final String normalisedHost = normaliseAddress(host);
+        String s = host;
+        if (s.startsWith("[") && s.endsWith("]")) {
+            s = host.substring(1, host.length() - 1);
+        }
+        final String normalisedHost = normaliseAddress(s);
         for (int i = 0; i < subjectAlts.size(); i++) {
             final SubjectName subjectAlt = subjectAlts.get(i);
             if (subjectAlt.getType() == SubjectName.IP) {
diff --git a/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java b/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
index 71bf7e0..ca008c2 100644
--- a/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
+++ b/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
@@ -398,6 +398,18 @@ public class TestDefaultHostnameVerifier {
     }
 
     @Test
+    public void testIPv6Format() throws Exception{
+        final SubjectName subjectName = SubjectName.IP("2001:0db8:aaaa:bbbb:cccc:0:0:0001");
+        DefaultHostnameVerifier.matchIPv6Address("2001:0db8:aaaa:bbbb:cccc:0:0:0001", Arrays.asList(subjectName));
+        DefaultHostnameVerifier.matchIPv6Address("[2001:0db8:aaaa:bbbb:cccc:0:0:0001]", Arrays.asList(subjectName));
+        try {
+            DefaultHostnameVerifier.matchIPv6Address("/2001:0db8:aaaa:bbbb:cccc:0:0:0001/", Arrays.asList(subjectName));
+            Assert.fail("SSLException expected");
+        } catch (final SSLException expected) {
+        }
+    }
+
+    @Test
     public void testExtractCN() throws Exception {
         Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("cn=blah, ou=blah, o=blah"));
         Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("cn=blah, cn=yada, cn=booh"));