Posted to commits@hc.apache.org by ol...@apache.org on 2015/11/28 14:25:56 UTC
svn commit: r1716972 -
/httpcomponents/httpclient/branches/4.5.x/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
Author: olegk
Date: Sat Nov 28 13:25:56 2015
New Revision: 1716972
URL: http://svn.apache.org/viewvc?rev=1716972&view=rev
Log:
HTTPCLIENT-1698: Fixed matching of IPv6 addresses by DefaultHostnameVerifier
Modified:
httpcomponents/httpclient/branches/4.5.x/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
Modified: httpcomponents/httpclient/branches/4.5.x/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.5.x/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java?rev=1716972&r1=1716971&r2=1716972&view=diff
==============================================================================
--- httpcomponents/httpclient/branches/4.5.x/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java (original)
+++ httpcomponents/httpclient/branches/4.5.x/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java Sat Nov 28 13:25:56 2015
@@ -64,6 +64,8 @@ import org.apache.http.conn.util.PublicS
@Immutable
public final class DefaultHostnameVerifier implements HostnameVerifier {
+ enum TYPE { IPv4, IPv6, DNS };
+
final static int DNS_NAME_TYPE = 2;
final static int IP_ADDRESS_TYPE = 7;
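Review bot: The added `enum TYPE { IPv4, IPv6, DNS };` carries a stray trailing semicolon and an all-caps type name that reads like a constant beside `DNS_NAME_TYPE` and `IP_ADDRESS_TYPE`. A name such as `HostNameType` with a one-line comment, e.g. `// format of the host string under verification; IPv4 and IPv6 select IP_ADDRESS_TYPE subjectAlts, DNS selects DNS_NAME_TYPE`, would make the link to the two SAN type constants explicit. The class body continues outside the hunk.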
@@ -96,17 +98,30 @@ public final class DefaultHostnameVerifi
public void verify(
final String host, final X509Certificate cert) throws SSLException {
- final boolean ipv4 = InetAddressUtils.isIPv4Address(host);
- final boolean ipv6 = InetAddressUtils.isIPv6Address(host);
- final int subjectType = ipv4 || ipv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE;
+ TYPE hostFormat = TYPE.DNS;
+ if (InetAddressUtils.isIPv4Address(host)) {
+ hostFormat = TYPE.IPv4;
+ } else {
+ String s = host;
+ if (s.startsWith("[") && s.endsWith("]")) {
+ s = host.substring(1, host.length() - 1);
+ }
+ if (InetAddressUtils.isIPv6Address(s)) {
+ hostFormat = TYPE.IPv6;
+ }
+ }
+ final int subjectType = hostFormat == TYPE.IPv4 || hostFormat == TYPE.IPv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE;
final List<String> subjectAlts = extractSubjectAlts(cert, subjectType);
if (subjectAlts != null && !subjectAlts.isEmpty()) {
- if (ipv4) {
- matchIPAddress(host, subjectAlts);
- } else if (ipv6) {
- matchIPv6Address(host, subjectAlts);
- } else {
- matchDNSName(host, subjectAlts, this.publicSuffixMatcher);
+ switch (hostFormat) {
+ case IPv4:
+ matchIPAddress(host, subjectAlts);
+ break;
+ case IPv6:
+ matchIPv6Address(host, subjectAlts);
+ break;
+ default:
+ matchDNSName(host, subjectAlts, this.publicSuffixMatcher);
}
} else {
// CN matching has been deprecated by rfc2818 and can be used
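Review bot: The brackets are stripped only into the local `s` used to classify the host, while the `case IPv6:` arm still calls `matchIPv6Address(host, subjectAlts)` with the original, possibly bracketed `host`. Whether that helper normalises a bracketed literal is not visible in this hunk, so either hoist the stripped value and pass it to the matcher, or record the contract next to the call, e.g. `// host may still be in [..] form here; matchIPv6Address is expected to normalise it`. The same question applies to the CN fallback in the `else` branch, whose body continues outside the hunk. Since this classification decides which subjectAlt type is checked during certificate hostname verification, a test with a bracketed IPv6 literal against a certificate holding only DNS-type entries and one holding only IP-address entries would pin the intended behaviour.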