You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2016/12/05 15:42:58 UTC
[jira] [Commented] (HTTPCLIENT-1792) Improve the error message when
hostname verification fails
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15722570#comment-15722570 ]
Oleg Kalnichevski commented on HTTPCLIENT-1792:
-----------------------------------------------
Is it not what HttpClient 4.5 does?
https://github.com/apache/httpclient/blob/4.5.x/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java#L147
Oleg
> Improve the error message when hostname verification fails
> ----------------------------------------------------------
>
> Key: HTTPCLIENT-1792
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1792
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpClient (classic)
> Affects Versions: 4.4.1
> Reporter: Jens Borgland
> Priority: Minor
>
> When hostname verification fails {{org.apache.http.conn.ssl.SSLConnectionSocketFactory}} will throw a {{SSLPeerUnverifiedException}} with a message like this:
> {noformat}
> Host name 'FOO' does not match the certificate subject provided by the peer (CN=BAR)
> {noformat}
> *Expected:*
> Including the _subject alternative names_, rather than the CN, in the message would be a lot more helpful when troubleshooting (and probably more correct since the use of CN matching is deprecated through RFC 2818).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org