Thanks Oleg for the tip.
I did not change the connector till now, but with APR itself I started
using the prod CA certificate that our company has, instead of the
self-signed certificate.
With httpClient 3.1 all communication works fine.
But when I upgraded prod to use the new code having httpclient 4.5, I
get this exception in the SSL handshake:
Certificate for XVT doesn't match any of the subject alternative names:
ABC, GFD]
So it looks like I need to turn off the hostname verification in the code or
update the company certificate to have CN populated with the values.
I wanted to know what brought the need to have CN populated in every
certificate going forward?
Thanks
Hassan
On Sat, May 6, 2017 at 4:37 AM, Oleg Kalnichevski <[email protected]> wrote:
> On Fri, 2017-05-05 at 09:49 -0400, Hassan Khan wrote:
> > Hi,
> >
> > Finally I could solve the issue... the problem was using NIO
> > connector with
> > httpclient 4.5
> >
> > once I changed the connector to APR the problem went away.
> > The right setting is:
> > <Connector
> > protocol="org.apache.coyote.http11.Http11AprProtocol"
> > port="443" clientAuth="false" sslProtocol="TLS"
> > SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
> > SSLCertificateFile="ABC.crt"
> > SSLCertificateKeyFile="TRE.key"
> > SSLEngine="on" SSLVerifyDepth="2"
> > />
> >
> > Still do not understand how httpclient 3.1 would work with Nio
> > connector
> > properly.
> >
>
> httpclient 3.1 does not perform hostname verification of any kind. I
> strongly suspect that if you disable hostname verification in
> httpclient 4.x it should work with the NIO connector as well.
>
> Oleg
--
Hassan Khan
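
The rule behind the exception in this thread, as an added example (not part of the original messages and not HttpClient's own code): a simplified Java model of RFC 2818 hostname matching, where dNSName subject alternative names, when present, are the only names consulted and the CN is just a fallback. The class and method names are hypothetical; XVT, ABC and GFD are the thread's placeholders.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

// Simplified model of RFC 2818 server identity matching (illustration only).
public class SanMatchExample {

    // Compare a host with one certificate name; "*" counts only as the whole left-most label.
    static boolean matchesName(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (p.startsWith("*.")) {
            int dot = h.indexOf('.');
            // The wildcard covers exactly one label: compare everything from the first dot on.
            return dot > 0 && h.substring(dot).equals(p.substring(1));
        }
        return h.equals(p);
    }

    // If any dNSName SAN exists, only the SANs decide; the CN is used only when there are none.
    static boolean verify(String host, List<String> sanDnsNames, String commonName) {
        if (!sanDnsNames.isEmpty()) {
            for (String san : sanDnsNames) {
                if (matchesName(host, san)) return true;
            }
            return false; // CN is ignored here, even if it equals the host
        }
        return commonName != null && matchesName(host, commonName);
    }

    static void expect(boolean actual, boolean wanted, String what) {
        if (actual != wanted) throw new AssertionError(what);
        System.out.println(what + " -> " + actual);
    }

    public static void main(String[] args) {
        List<String> sans = Arrays.asList("ABC", "GFD"); // constructed from the thread's placeholders
        List<String> none = Collections.emptyList();
        List<String> wild = Arrays.asList("*.example.test"); // constructed wildcard SAN
        expect(verify("XVT", sans, "XVT"), false, "host missing from SANs, CN equal to host");
        expect(verify("ABC", sans, "XVT"), true, "host listed as a SAN");
        expect(verify("XVT", none, "XVT"), true, "no SANs, CN fallback");
        expect(verify("a.example.test", wild, null), true, "wildcard, one label");
        expect(verify("a.b.example.test", wild, null), false, "wildcard, two labels");
    }
}
```

Under this rule, populating the CN does not help a certificate that already carries SANs; the host name the client connects to has to appear among the SAN entries.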