Karl Wright created HTTPCLIENT-1275:
---------------------------------------
Summary: AllowAllHostnameVerifier does not prevent SSL handshake verification errors
Key: HTTPCLIENT-1275
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1275
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpConn
Affects Versions: 4.2.2
Reporter: Karl Wright
Assignee: Karl Wright
Fix For: 4.2.3
In debugging unverified SSL connections for the ManifoldCF RSS connector, I
discovered that even with AllowAllHostnameVerifier(), which supposedly shuts
down SSL hostname verification, the SSLSession method getPeerCertificates() can
cause an exception anyway, before the overridden method is called, because peer
authentication has not yet occurred.
See CONNECTORS-579 for details, and for the exact trace.
I'm also looking for suggestions as to how to properly fix this. One
possibility would be to catch the exception and pass null for the peer certs to
the verify method. Since that loses the exception, though, it might be better
to change the method signature of the overridden verify() method and include an
Exception object, which could get rethrown if needed.
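The second option raised in the report, handing the exception to the verifier instead of discarding it, shown as an added example that is not HttpClient code and not the fix that shipped. `CertCheck`, `STRICT` and `check` are hypothetical names, and the session taken from an un-handshaken JDK `SSLEngine` is constructed input that reproduces the "peer not authenticated" condition offline.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public class PeerCertLookupDemo {
    // Hypothetical callback (not an HttpClient interface): the verifier receives
    // either the leaf certificate or the reason none was available.
    interface CertCheck {
        void verify(String host, X509Certificate leaf, SSLPeerUnverifiedException cause)
                throws SSLException;
    }

    // Strict policy: a missing peer certificate is fatal and the original exception is rethrown.
    static final CertCheck STRICT = (host, leaf, cause) -> {
        if (cause != null) throw cause;
        if (leaf == null) throw new SSLException("no X.509 certificate for " + host);
        // Hostname matching against the certificate would go here.
    };

    // Lookup step shared by all policies: getPeerCertificates() throws when the
    // peer was not authenticated, so catch it and hand the decision to the check.
    static void check(String host, SSLSession session, CertCheck policy) throws SSLException {
        X509Certificate leaf = null;
        SSLPeerUnverifiedException cause = null;
        try {
            Certificate[] chain = session.getPeerCertificates();
            if (chain.length > 0 && chain[0] instanceof X509Certificate) {
                leaf = (X509Certificate) chain[0];
            }
        } catch (SSLPeerUnverifiedException e) {
            cause = e;
        }
        policy.verify(host, leaf, cause);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an engine that has not handshaken has no authenticated peer.
        SSLSession session = SSLContext.getDefault().createSSLEngine().getSession();
        try {
            check("example.invalid", session, STRICT);
            System.out.println("accepted");
        } catch (SSLPeerUnverifiedException e) {
            System.out.println("rejected, cause preserved: " + e.getMessage());
        }
    }
}
```

Because the lookup never swallows the exception, a strict policy still fails closed with the original trace, and any policy that chooses to continue without a certificate has to do so explicitly.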