Posted to httpclient-users@hc.apache.org by Dan Quaroni <q...@invoke.com> on 2015/01/06 23:08:31 UTC

SSL trouble with wildcards and certs in 4.4 beta1

This used to work in 4.3...  I've tried setting other HostNameVerifiers
(which seem to be all deprecated now in 4.4) but that also hasn't helped.
The Default verifier is rejecting a cert with a wildcard in it:

javax.net.ssl.SSLPeerUnverifiedException: Host name 'us8.api.mailchimp.com' does not match the certificate subject provided by the peer (CN=*.api.mailchimp.com, OU=Rocket Science Group, O=ROCKET SCIENCE GROUP, L=Atlanta, ST=GA, C=US)



-- 

*Daniel Quaroni*
Principal Software Architect
P: 781.810.2743
q@invoke.com
www.invoke.com
See a Demo here <http://www.invoke.com/platform/demo>

Re: SSL trouble with wildcards and certs in 4.4 beta1

Posted by Dan Quaroni <q...@invoke.com>.
The problem doesn't reproduce with the trunk, so I suppose from my
perspective that's mission accomplished.

Thanks.

On Wed, Jan 7, 2015 at 4:33 AM, Oleg Kalnichevski <ol...@apache.org> wrote:

> On Tue, 2015-01-06 at 17:08 -0500, Dan Quaroni wrote:
> > This used to work in 4.3...  I've tried setting other HostNameVerifiers
> > (which seem to be all deprecated now in 4.4) but that also hasn't helped.
> > The Default verifier is rejecting a cert with a wildcard in it:
> >
> > javax.net.ssl.SSLPeerUnverifiedException: Host name 'us8.api.mailchimp.com' does not match the certificate subject provided by the peer (CN=*.api.mailchimp.com, OU=Rocket Science Group, O=ROCKET SCIENCE GROUP, L=Atlanta, ST=GA, C=US)
> >
> >
> >
>
> I am not sure this issue is necessarily caused by wildcard in the
> subject's CN. Could you please upgrade to the latest snapshot from
> HttpClient trunk [1], execute the request with context logging on [2]
> and post the resultant log to this list?
>
> Oleg
>
> [1] https://github.com/apache/httpclient/tree/trunk
> [2] http://hc.apache.org/httpcomponents-client-4.3.x/logging.html
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>



Re: SSL trouble with wildcards and certs in 4.4 beta1

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Tue, 2015-01-06 at 17:08 -0500, Dan Quaroni wrote:
> This used to work in 4.3...  I've tried setting other HostNameVerifiers
> (which seem to be all deprecated now in 4.4) but that also hasn't helped.
> The Default verifier is rejecting a cert with a wildcard in it:
> 
> javax.net.ssl.SSLPeerUnverifiedException: Host name 'us8.api.mailchimp.com' does not match the certificate subject provided by the peer (CN=*.api.mailchimp.com, OU=Rocket Science Group, O=ROCKET SCIENCE GROUP, L=Atlanta, ST=GA, C=US)
> 
> 
> 

I am not sure this issue is necessarily caused by wildcard in the
subject's CN. Could you please upgrade to the latest snapshot from
HttpClient trunk [1], execute the request with context logging on [2]
and post the resultant log to this list?

Oleg

[1] https://github.com/apache/httpclient/tree/trunk
[2] http://hc.apache.org/httpcomponents-client-4.3.x/logging.html
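
An added example, not part of the thread and not HttpClient's own verifier: a JDK-only sketch of the RFC 2818 identity check, showing that a wildcard CN is consulted only when the certificate carries no dNSName subjectAltName entries. The class and method names and the SAN lists are constructed for illustration; the host name and CN are the ones from the exception above.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

public class WildcardHostCheck {

    // Simplified wildcard rule (assumption for this sketch): "*" is honoured
    // only as the entire left-most label and stands for exactly one label.
    static boolean matchesName(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return h.equals(p);                    // no wildcard: exact match
        }
        String suffix = p.substring(1);            // e.g. ".api.mailchimp.com"
        if (suffix.indexOf('*') >= 0 || !h.endsWith(suffix)) {
            return false;
        }
        String label = h.substring(0, h.length() - suffix.length());
        return !label.isEmpty() && label.indexOf('.') < 0;
    }

    // RFC 2818: when dNSName subjectAltName entries exist they are the
    // identity; the subject CN is a fallback used only when there are none.
    static boolean verify(String host, List<String> sanDnsNames, String subjectCn) {
        if (!sanDnsNames.isEmpty()) {
            for (String san : sanDnsNames) {
                if (matchesName(host, san)) {
                    return true;
                }
            }
            return false;                          // CN is ignored here
        }
        return subjectCn != null && matchesName(host, subjectCn);
    }

    public static void main(String[] args) {
        String host = "us8.api.mailchimp.com";     // from the exception text
        String cn = "*.api.mailchimp.com";         // from the exception text
        List<String> noSans = Collections.emptyList();
        // Constructed SAN list that does not cover the host.
        List<String> otherSans = Arrays.asList("example.test", "www.example.test");

        System.out.println("CN only:              " + verify(host, noSans, cn));
        System.out.println("SANs present, no hit: " + verify(host, otherSans, cn));
        System.out.println("two labels under *:   " + verify("a." + host, noSans, cn));
        System.out.println("bare parent domain:   " + verify("api.mailchimp.com", noSans, cn));
    }
}
```

Only the first case is accepted, which is why a mismatch reported against the subject does not by itself show that the wildcard was the part that failed.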


