hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Syer (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1138) SSLSocketFactory incorrectly uses InetSocketAddress.toString() to get the hostname
Date Mon, 24 Oct 2011 19:10:32 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13134368#comment-13134368

Dave Syer commented on HTTPCLIENT-1138:

Can you be a bit more explicit about how to work around this in 4.1.*, please?  SSLSocketFactory
itself is not decprecated, and there are many paths to remoteAddress.toString().  In fact
it looks to me like the deprecated code is the only way out - adding a HostNameResolver that
resolves to something whose toString() matches the assumption.  Can you help us out a bit
> SSLSocketFactory incorrectly uses InetSocketAddress.toString() to get the hostname
> ----------------------------------------------------------------------------------
>                 Key: HTTPCLIENT-1138
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1138
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.2
>         Environment: Java 6u27
>            Reporter: Marshall Pierce
> I'm getting issues with SSL hostname verification:
> javax.net.ssl.SSLException: hostname in certificate didn't match: <localhost/>
!= <localhost>
> 	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:228)
> 	at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
> 	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
> 	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:130)
> 	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
> 	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:495)
> 	at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
> I think the issue is on SSLSocketFactory:381.
> It gets the hostname that will then be passed to the hostname verifier:
> // HttpInetSocketAddress#toString() returns original hostname value of the remote address
> String hostname = remoteAddress.toString();
> This seems wrong because remoteAddress.toString() (of type InetSocketAddress) calls toString
on the InetAddress inside the InetSocketAddress, and InetAddress#toString() has this in its
> The string returned is of the form: hostname / literal IP address. Note that the comment
seems to indicate the code was originally written against HttpInetSocketAddress, which DOES
have the desired behavior on toString(). The runtime type of remoteAddress is java.net.InetSocketAddress,
not HttpInetSocketAddress.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message