On Sat, 2014-08-09 at 13:44 +0100, sebb wrote:
> On 8 August 2014 15:00, <[email protected]> wrote:
> > Author: olegk
> > Date: Fri Aug 8 14:00:55 2014
> > New Revision: 1616758
> >
> > URL: http://svn.apache.org/r1616758
> > Log:
> > Deprecated X509HostnameVerifier interface in favor of standard
> > javax.net.ssl.HostnameVerifier
...
> > private void verifyHostname(final SSLSocket sslsock, final String
> > hostname) throws IOException {
> > try {
> > - this.hostnameVerifier.verify(hostname, sslsock);
> > + SSLSession session = sslsock.getSession();
> > + if (session == null) {
> > + // In our experience this only happens under IBM 1.4.x when
>
> So is this still needed, given that HC requires 1.5+ now?
>
We are even 1.6+ in trunk. I simply do not know whether or not it is
still need. Doing #available on input string is pretty cheap, however.
If it can help in some cases, why not?
>
> > + // spurious (unrelated) certificates show up in the server'
> > + // chain. Hopefully this will unearth the real problem:
> > + final InputStream in = sslsock.getInputStream();
> > + in.available();
> > + // If ssl.getInputStream().available() didn't cause an
> > + // exception, maybe at least now the session is available?
> > + session = sslsock.getSession();
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
