hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Dupre (JIRA)" <j...@apache.org>
Subject [jira] Created: (HTTPCLIENT-1051) SSL connections cannot be established using resolvable IP address
Date Thu, 03 Feb 2011 16:30:28 GMT
SSL connections cannot be established using resolvable IP address

                 Key: HTTPCLIENT-1051
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1051
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpConn
    Affects Versions: 4.1 Final
            Reporter: Alex Dupre
            Priority: Blocker

HttpClient 4.1 introduced a regression in establishing SSL connections to remote peers (it
seems this is a common regression for major httpclient updates, see HTTPCLIENT-803).
The new SSLSocketFactory.connectSocket method calls the X509HostnameVerifier with InetSocketAddress.getHostName()
parameter. When the selected IP address has a reverse lookup name, the verifier is called
with the resolved name, and so the IP check fails.
4.0 release checked for original ip/hostname, but this cannot be done with the new connectSocket()
The TestHostnameVerifier.java only checks and so masked the issue, because the
matching certificate has both "localhost" and "", but actually only "localhost" is
matched. A test case with would be better.

This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira


To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message