You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@wink.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2010/07/23 17:52:52 UTC

[jira] Commented: (WINK-242) Support SSL Hostname Verifier Bypass

    [ https://issues.apache.org/jira/browse/WINK-242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12891642#action_12891642 ] 

Hudson commented on WINK-242:
-----------------------------

Integrated in Wink-Trunk-JDK1.5 #370 (See [http://hudson.zones.apache.org/hudson/job/Wink-Trunk-JDK1.5/370/])
    WINK-242: support SSL hostname verifier bypass


> Support SSL Hostname Verifier Bypass
> ------------------------------------
>
>                 Key: WINK-242
>                 URL: https://issues.apache.org/jira/browse/WINK-242
>             Project: Wink
>          Issue Type: New Feature
>    Affects Versions: 1.1
>         Environment: Doesn't matter
>            Reporter: Andrew Spyker
>            Assignee: Mike Rheinheimer
>            Priority: Minor
>         Attachments: WINK-242.patch
>
>
> It is incorrect, but common, for web sites to have SSL certs that are signed by localhost with localhost as the CN/hostname, but then are deployed on real websites like w3.internal.example.com.  If you try to connect to one of these with Wink you get:
> Exception : java.io.IOException: HTTPS hostname wrong: should be <localhost>
> You'll see extensive discussion and how to fix at:
> http://forums.sun.com/thread.jspa?threadID=521779
> You'll also see commercial products supporting this behavior as well like:
> http://www-01.ibm.com/support/docview.wss?uid=swg1PK24500

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.