[
https://issues.apache.org/jira/browse/NET-579?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sebb closed NET-579.
--------------------
> SSL/TLS SocketClients do not verify the hostname against the certificate
> ------------------------------------------------------------------------
>
> Key: NET-579
> URL: https://issues.apache.org/jira/browse/NET-579
> Project: Commons Net
> Issue Type: Bug
> Components: FTP, IMAP, POP3, SMTP
> Affects Versions: 3.3
> Environment: Java 1.7 (earlier versions cannot verify the hostname)
> Reporter: Simon Arlott
> Priority: Critical
> Labels: security
> Fix For: 3.4
>
> Attachments: NET-579.patch, NET-579_2.patch
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> Every subclass of SocketClient that does SSL/TLS will never verify the
> hostname of the server against the certificate. This means that any valid
> certificate for any CA in the default trust store will be accepted without
> error.
> SocketClient should be modified to store the hostname, and
> SMTPSClient/FTPSClient/IMAPSClient/POP3SClient should use it when negotiating
> SSL/TLS.
> Java 1.7 has support for verifying the hostname if
> SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") is used.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
