On Tue, 2019-11-26 at 17:03 +0000, Axel Rezé wrote:
> Hi everyone,
>
> I'm working on a new project using a java 8 context with springboot.
> We are working into securized envs using SSL certification, but i've
> some trouble with the widlcards ! I'm working with the library 4.5.9
>
> In the method "matchIdentity" in the "DefaultHostnameVerifier" has a
> problem.
>
>
> static boolean matchDomainRoot(final String host, final String
> domainRoot) {
> if (domainRoot == null) {
> return false;
> }
> return host.endsWith(domainRoot) && (host.length() ==
> domainRoot.length()
> || host.charAt(host.length() - domainRoot.length() - 1)
> == '.');
> }
>
> "host.endsWith(domainRoot)" is did before wildcar treatment, so any
> match found and an error is throw after in the process. It is
> happening when whe have publicSuffixMatcher :)
>
> I explain :
> url "xxx.yyy.zzz"
> in certificate "*.yyy.zzz"
>
> endWith is trying to do : is "xxx.yyy.zzz" end with "*.yyy.zzz"
> But it doesn't, because of wildcars wasn't took of.
>
> I haven't see any bugs for this, so it was i send this mail ton
> confirm if it was a bug and ask for correction if it is !
>
> Thanksfully,
> Axel.
>
Hi Axel
Please reproduce the issue you see as a bug with a unit test similar to
those found in this class
https://github.com/apache/httpcomponents-client/blob/4.5.x/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
