I have been seeing SSL exceptions being thrown relating to certificates not matching in builds from trunk recently. I have traced this back to a httpclient upgrade from 4.1.1 to 4.1.2. Would anyone be opposed to reverting back to 4.1.1 for the time being?
Looking that the changes that went into 4.1.2, this change looks like it might be related to the problem. I have CCed Sebastian, maybe he can confirm. * [HTTPCLIENT-1097] BrowserCompatHostnameVerifier and StrictHostnameVerifier should handle wildcards in SSL certificates better. Contributed by Sebastian Bazley <sebb at apache.org> INFO: The following exception occurred when fetching https://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js: 405 ms elapsed. Nov 7, 2011 1:38:28 PM org.apache.shindig.gadgets.http.BasicHttpFetcher fetch INFO: javax.net.ssl.SSLException: hostname in certificate didn't match: <ajax.googleapis.com/74.125.115.95> != <*.googleapis.com> OR <googleapis.com> OR <*.googleapis.com> at org.apache.http.conn.ssl.AbstractVerifier.verify( AbstractVerifier.java:228) at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify( BrowserCompatHostnameVerifier.java:54) at org.apache.http.conn.ssl.AbstractVerifier.verify( AbstractVerifier.java:149) at org.apache.http.conn.ssl.AbstractVerifier.verify( AbstractVerifier.java:130) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket( SSLSocketFactory.java:397) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket( SSLSocketFactory.java:495) at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket( SchemeSocketFactoryAdaptor.java:62) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection( DefaultClientConnectionOperator.java:148) at org.apache.http.impl.conn.AbstractPoolEntry.open( AbstractPoolEntry.java:149) at org.apache.http.impl.conn.AbstractPooledConnAdapter.open( AbstractPooledConnAdapter.java:121) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect( DefaultRequestDirector.java:573) at org.apache.http.impl.client.DefaultRequestDirector.execute( DefaultRequestDirector.java:425) at org.apache.http.impl.client.AbstractHttpClient.execute( AbstractHttpClient.java:820) at org.apache.http.impl.client.AbstractHttpClient.execute( AbstractHttpClient.java:776) at org.apache.shindig.gadgets.http.BasicHttpFetcher.fetch( BasicHttpFetcher.java:361) at org.apache.shindig.gadgets.http.DefaultRequestPipeline.execute( DefaultRequestPipeline.java:108) at org.apache.shindig.gadgets.http.MultipleResourceHttpFetcher$HttpFetchCallable.call( MultipleResourceHttpFetcher.java:105) at org.apache.shindig.gadgets.http.MultipleResourceHttpFetcher$HttpFetchCallable.call( MultipleResourceHttpFetcher.java:92) at java.util.concurrent.FutureTask$Sync.innerRun( FutureTask.java:303) at java.util.concurrent.FutureTask.run(FutureTask.java:138) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask( ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run( ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Nov 7, 2011 1:38:28 PM org.apache.shindig.gadgets.servlet.ConcatProxyServlet outputError INFO: The following error occurred when requesting a concatenated proxy: /* ---- Error INTERNAL_SERVER_ERROR concat( https://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js) javax.net.ssl.SSLException: hostname in certificate didn't match: <ajax.googleapis.com/74.125.115.95> != <*.googleapis.com> OR <googleapis.com> OR <*.googleapis.com> ---- */. -Ryan Email: rjbax...@us.ibm.com Phone: 978-899-3041 developerWorks Profile
