hc-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ol...@apache.org
Subject svn commit: r1406217 - in /httpcomponents/httpclient/trunk: RELEASE_NOTES.txt httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java
Date Tue, 06 Nov 2012 16:49:49 GMT
Author: olegk
Date: Tue Nov  6 16:49:49 2012
New Revision: 1406217

URL: http://svn.apache.org/viewvc?rev=1406217&view=rev
Log:
HTTPCLIENT-1255: AbstractVerifier incorrectly parses certificate CN containing wildcard

Modified:
    httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
    httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
    httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java

Modified: httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt?rev=1406217&r1=1406216&r2=1406217&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/RELEASE_NOTES.txt (original)
+++ httpcomponents/httpclient/trunk/RELEASE_NOTES.txt Tue Nov  6 16:49:49 2012
@@ -1,7 +1,10 @@
-Changes since 4.2.1 
+Changes in trunk
 -------------------
 
-* [HTTPCLIENT-1248]: Default and lax redirect strategies should not convert requests redirected

+* [HTTPCLIENT-1255] AbstractVerifier incorrectly parses certificate CN containing wildcard
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
+* [HTTPCLIENT-1248] Default and lax redirect strategies should not convert requests redirected
   with 307 status to GET method.  
   Contributed by Oleg Kalnichevski <olegk at apache.org>
 

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java?rev=1406217&r1=1406216&r2=1406217&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
Tue Nov  6 16:49:49 2012
@@ -43,8 +43,6 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Locale;
 import java.util.StringTokenizer;
-import java.util.logging.Logger;
-import java.util.logging.Level;
 
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLSession;
@@ -204,9 +202,10 @@ public abstract class AbstractVerifier i
                                  !isIPAddress(host);
 
             if(doWildcard) {
-                if (parts[0].length() > 1) { // e.g. server*
-                    String prefix = parts[0].substring(0, parts.length-2); // e.g. server
-                    String suffix = cn.substring(parts[0].length()); // skip wildcard part
from cn
+                String firstpart = parts[0];
+                if (firstpart.length() > 1) { // e.g. server*
+                    String prefix = firstpart.substring(0, firstpart.length() - 1); // e.g.
server
+                    String suffix = cn.substring(firstpart.length()); // skip wildcard part
from cn
                     String hostSuffix = hostName.substring(prefix.length()); // skip wildcard
part from host
                     match = hostName.startsWith(prefix) && hostSuffix.endsWith(suffix);
                 } else {
@@ -302,8 +301,6 @@ public abstract class AbstractVerifier i
             c = cert.getSubjectAlternativeNames();
         }
         catch(CertificateParsingException cpe) {
-            Logger.getLogger(AbstractVerifier.class.getName())
-                    .log(Level.FINE, "Error parsing certificate.", cpe);
         }
         if(c != null) {
             for (List<?> aC : c) {

Modified: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java?rev=1406217&r1=1406216&r2=1406217&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java
Tue Nov  6 16:49:49 2012
@@ -300,7 +300,7 @@ public class TestHostnameVerifier {
     }
 
     @Test
-    public void HTTPCLIENT_1097() {
+    public void testHTTPCLIENT_1097() {
         String cns[];
         String alt[] = {};
         X509HostnameVerifier bhv = new BrowserCompatHostnameVerifier();
@@ -318,6 +318,17 @@ public class TestHostnameVerifier {
         checkWildcard("s*.gouv.uk", false); // 2 character TLD, invalid 2TLD
     }
 
+    @Test
+    public void testHTTPCLIENT_1255() {
+        X509HostnameVerifier bhv = new BrowserCompatHostnameVerifier();
+        X509HostnameVerifier shv = new StrictHostnameVerifier();
+
+        String cns[] = new String []{"m*.a.b.c.com"}; // component part
+        String alt[] = {};
+        checkMatching(bhv, "mail.a.b.c.com", cns, alt, false); // OK
+        checkMatching(shv, "mail.a.b.c.com", cns, alt, false); // OK
+    }
+
     // Helper
     private void checkWildcard(String host, boolean isOK) {
         Assert.assertTrue(host+" should be "+isOK, isOK==AbstractVerifier.acceptableCountryWildcard(host));



Mime
View raw message