[ http://issues.apache.org/jira/browse/HTTPCLIENT-613?page=comments#action_12456645 ] Oleg Kalnichevski commented on HTTPCLIENT-613: ----------------------------------------------
> Not sure how to deal with this 2nd patch. Do I upload a new patch containing > both fixes? Yes, you do. That's the easiest way. Overall the patch looks good to me. I'll review it a little more thoroughly in the morning and commit the changes to SVN Many thanks for this contribution, Julius Oleg > https should check CN of x509 cert > ---------------------------------- > > Key: HTTPCLIENT-613 > URL: http://issues.apache.org/jira/browse/HTTPCLIENT-613 > Project: HttpComponents HttpClient > Issue Type: Bug > Components: HttpClient > Affects Versions: Nightly Builds > Reporter: Julius Davies > Priority: Critical > Fix For: 4.0 Alpha 1 > > Attachments: SSLSocketFactory.patch > > > https should check CN of x509 cert > Since we're essentially rolling our own "HttpsURLConnection", the checking > provided by "javax.net.ssl.HostnameVerifier" is no longer in place. > I have a patch I'm about to attach which caused both createSocket() methods > on o.a.h.conn.ssl.SSLSocketFactory to blowup: > test1: javax.net.ssl.SSLException: hostname in certificate didn't match: > <vancity.com> != <www.vancity.com> > test2: javax.net.ssl.SSLException: hostname in certificate didn't match: > <vancity.com> != <www.vancity.com> > Hopefully people agree that this is desirable. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
