hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Dupre (JIRA)" <j...@apache.org>
Subject [jira] Created: (HTTPCLIENT-1051) SSL connections cannot be established using resolvable IP address
Date Thu, 03 Feb 2011 16:30:28 GMT
SSL connections cannot be established using resolvable IP address
-----------------------------------------------------------------

                 Key: HTTPCLIENT-1051
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1051
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpConn
    Affects Versions: 4.1 Final
            Reporter: Alex Dupre
            Priority: Blocker


HttpClient 4.1 introduced a regression in establishing SSL connections to remote peers (it
seems this is a common regression for major httpclient updates, see HTTPCLIENT-803).
The new SSLSocketFactory.connectSocket method calls the X509HostnameVerifier with InetSocketAddress.getHostName()
parameter. When the selected IP address has a reverse lookup name, the verifier is called
with the resolved name, and so the IP check fails.
4.0 release checked for original ip/hostname, but this cannot be done with the new connectSocket()
method. 
The TestHostnameVerifier.java only checks 127.0.0.1/.2 and so masked the issue, because the
matching certificate has both "localhost" and "127.0.0.1", but actually only "localhost" is
matched. A test case with 8.8.8.8 would be better.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message