[
https://issues.apache.org/jira/browse/HTTPCLIENT-1578?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski resolved HTTPCLIENT-1578.
-------------------------------------------
Resolution: Invalid
> Regression between v4.1 and v4.1.1 regarding validation of SSL certificates
> for servers with multiple VirtualHost serving HTTPS
> -------------------------------------------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1578
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1578
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Reporter: Richard Comblen
>
> We have a service provider hosting a web application (Atlassian Stash) behind
> an https proxy. The server hosting this proxy hosts other VirtualHosts using
> https.
> We have a client application (Jenkins) submitting POST requests to that
> application using the httpclient library.
> We realized that starting with version 4.1.1 of the library, we get an SSL
> exception related to hostname verification.
> I've created a minimal example hosted on GitHub:
> https://github.com/rcomblen/HttpClientRegressionTest
> Debugging, you will see that the only certificate retrieved by the SSLSocket
> object corresponds to atlashost.eu (the hosting provider) and not *.kreios.lu
> (our own certificate).
> It seems the library behaves like the openssl command line if you miss the
> -servername argument:
> {code}
> $ openssl s_client -connect stash.kreios.lu:443 2>/dev/null | grep subject
> subject=/description=p7VPQDLL2DWTo7A5/C=PL/ST=Gdansk/L=Gniew/O=Damian Nowak/CN=*.atlashost.eu/[email protected]
> $ openssl s_client -connect stash.kreios.lu:443 -servername stash.kreios.lu 2>/dev/null | grep subject
> subject=/serialNumber=LwCTQJjJj94odszLnywxXW0AJcv0vdlc/OU=GT98629041/OU=See www.rapidssl.com/resources/cps (c)14/OU=Domain Control Validated - RapidSSL(R)/CN=*.kreios.lu
> {code}