[ http://issues.apache.org/jira/browse/HTTPCLIENT-613?page=all ]
Julius Davies updated HTTPCLIENT-613:
-------------------------------------
Attachment: SSLSocketFactory_best.patch
- I think this one is the best patch.
- Okay, it's my first substantial patch to an apache project. I'm excited and
I've gone insane.
- Improved comments even more.
- Attempted to deal with the [*.co.uk] wildcard problem. I think I've taken a
decent first stab at the problem.
> https should check CN of x509 cert
> ----------------------------------
>
> Key: HTTPCLIENT-613
> URL: http://issues.apache.org/jira/browse/HTTPCLIENT-613
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: Nightly Builds
> Reporter: Julius Davies
> Priority: Critical
> Fix For: 4.0 Alpha 1
>
> Attachments: SSLSocketFactory.patch, SSLSocketFactory_best.patch,
> SSLSocketFactory_improved.patch
>
>
> https should check CN of x509 cert
> Since we're essentially rolling our own "HttpsURLConnection", the checking
> provided by "javax.net.ssl.HostnameVerifier" is no longer in place.
> I have a patch I'm about to attach which caused both createSocket() methods
> on o.a.h.conn.ssl.SSLSocketFactory to blowup:
> test1: javax.net.ssl.SSLException: hostname in certificate didn't match:
> <vancity.com> != <www.vancity.com>
> test2: javax.net.ssl.SSLException: hostname in certificate didn't match:
> <vancity.com> != <www.vancity.com>
> Hopefully people agree that this is desirable.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
