Hostname verification:  turn off wildcards when CN is an IP address
-------------------------------------------------------------------

                 Key: HTTPCLIENT-617
                 URL: http://issues.apache.org/jira/browse/HTTPCLIENT-617
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpConn
    Affects Versions: Nightly Builds
            Reporter: Julius Davies
            Priority: Minor


Hostname verification:   turn off wildcards when CN is an IP address.  This is 
a further improvement on HTTPCLIENT-613 and HTTPCLIENT-614.

Example - don't allow:
CN=*.114.102.2

I'm thinking of grabbing the substring following the final dot, and running it 
through "Integer.parseInt()".  If the NumberFormatException isn't thrown (so 
Integer.parseInt() actually worked!), then I'll turn off wildcard matching.  
Notice that this won't be a problem with IP6 addresses, since they don't use 
dots.  It's only a problem with IP4, where the meaning of the dots clashes with 
dots in domain names.

Note:  when I turn off wildcard matching, I still attempt an exact match with 
the hostname.  If through some weird mechanism the client is actually able to 
use a hostname such as "https://*.114.102.2/", then they will be okay if that's 
what the certificate on the server contains.
