axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Axis2] - Is Axis2 version 1.4 affected by RFC 2818?
Date Fri, 08 Feb 2019 05:14:36 GMT
Hello Team,

We are using Axis2 1.4 to consume SOAP services from WSDL. Currently, facing issues with the
SSL verification. Error is :

org.apache.axis2.AxisFault: HTTPS hostname invalid: expected '******', received '******1234*****'
                at org.apache.axis2.AxisFault.makeFault(
                at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.sendViaPost(
                at org.apache.axis2.transport.http.HTTPSender.send(
                at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(
                at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(
                at org.apache.axis2.engine.AxisEngine.send(
                at org.apache.axis2.description.OutInAxisOperationClient.send(
                at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(
Caused by: HTTPS hostname invalid: expected '******',
received '******1234*****'
                at org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname(Unknown
                at org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(Unknown
                at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$
                at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(
                at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(
                at org.apache.commons.httpclient.HttpClient.executeMethod(
                at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.executeMethod(
                at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.sendViaPost(
                ... 58 more

We found a similar RFC 2818( ) and also existing issue where the server hostname is being verified via the Subject
name (CN field) and not via the SAN entries.

Is Axis2 1.4 also affected by this ? Which version of axis2 is this issue fixed?
Let us know.


If you are not the addressee, please inform us immediately that you have received this e-mail
by mistake, and delete it. We thank you for your support.

View raw message