You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2021/05/03 18:15:07 UTC
[httpcomponents-client] 01/01: HTTPCLIENT-2158:
DefaultHostnameVerifier does not recognize IPv6 addresses enclosed in
square brackets as valid
This is an automated email from the ASF dual-hosted git repository.
olegk pushed a commit to branch HTTPCLIENT-2158
in repository https://gitbox.apache.org/repos/asf/httpcomponents-client.git
commit 37820a6267debd8c38b99ddb7bda60d9582b2b55
Author: Oleg Kalnichevski <ol...@apache.org>
AuthorDate: Mon May 3 20:11:59 2021 +0200
HTTPCLIENT-2158: DefaultHostnameVerifier does not recognize IPv6 addresses enclosed in square brackets as valid
---
.../org/apache/http/conn/ssl/DefaultHostnameVerifier.java | 6 +++++-
.../apache/http/conn/ssl/TestDefaultHostnameVerifier.java | 12 ++++++++++++
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java b/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
index 18dd5dc..cfab5ac 100644
--- a/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
+++ b/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
@@ -148,7 +148,11 @@ public final class DefaultHostnameVerifier implements HostnameVerifier {
}
static void matchIPv6Address(final String host, final List<SubjectName> subjectAlts) throws SSLException {
- final String normalisedHost = normaliseAddress(host);
+ String s = host;
+ if (s.startsWith("[") && s.endsWith("]")) {
+ s = host.substring(1, host.length() - 1);
+ }
+ final String normalisedHost = normaliseAddress(s);
for (int i = 0; i < subjectAlts.size(); i++) {
final SubjectName subjectAlt = subjectAlts.get(i);
if (subjectAlt.getType() == SubjectName.IP) {
diff --git a/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java b/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
index 71bf7e0..ca008c2 100644
--- a/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
+++ b/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
@@ -398,6 +398,18 @@ public class TestDefaultHostnameVerifier {
}
@Test
+ public void testIPv6Format() throws Exception{
+ final SubjectName subjectName = SubjectName.IP("2001:0db8:aaaa:bbbb:cccc:0:0:0001");
+ DefaultHostnameVerifier.matchIPv6Address("2001:0db8:aaaa:bbbb:cccc:0:0:0001", Arrays.asList(subjectName));
+ DefaultHostnameVerifier.matchIPv6Address("[2001:0db8:aaaa:bbbb:cccc:0:0:0001]", Arrays.asList(subjectName));
+ try {
+ DefaultHostnameVerifier.matchIPv6Address("/2001:0db8:aaaa:bbbb:cccc:0:0:0001/", Arrays.asList(subjectName));
+ Assert.fail("SSLException expected");
+ } catch (final SSLException expected) {
+ }
+ }
+
+ @Test
public void testExtractCN() throws Exception {
Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("cn=blah, ou=blah, o=blah"));
Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("cn=blah, cn=yada, cn=booh"));