[
https://issues.apache.org/jira/browse/HTTPCLIENT-1410?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski updated HTTPCLIENT-1410:
------------------------------------------
Priority: Minor (was: Major)
Issue Type: Improvement (was: Bug)
Essentially are you saying that with the sole exception of the UK
*.co.<countrycode>, *.info.<countrycode>, etc should be considered valid
wildcards? All I can suggest here that we provide a option to restrict
#acceptableCountryWildcard method to .uk domains only. I am not sure enabling
it by default would be a good idea, though.
Oleg
> AbstractVerifier.acceptableCountryWildcard check not strict enough
> ------------------------------------------------------------------
>
> Key: HTTPCLIENT-1410
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1410
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpClient
> Affects Versions: 4.3 Final
> Reporter: Sidney Beekhoven
> Priority: Minor
>
> I work at a company called info.nl in the Netherlands, so our domain is
> info.nl. We have a wildcard certificate in use for several services,
> *.info.nl.
> The AbstractVerifier has a method acceptableCountryWildcard which checks that
> you don't use eg *.co.uk as the wildcard in the certificate. The second to
> last domain part is checked against a fixed list, which includes info so our
> wildcard is not accepted.
> Apparantly there are some countries where info.<countrycode> is seen as a top
> level domain but that is not the case for the netherlands. So the check on
> this is not strict enough and should also take into account the top level
> domain.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
