hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1302) AllowAllHostnameVerifier should not access session
Date Sun, 20 Jan 2013 20:48:13 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13558384#comment-13558384

Oleg Kalnichevski commented on HTTPCLIENT-1302:

It is a no-op as far as host name validation is concerned. The reverse DNS lookup is issued
by the Java SSL stack and has nothing to do with AllowAllHostnameVerifier as such. It is a
part of the initial SSL handshake and would have taken place with or without AllowAllHostnameVerifier.

> AllowAllHostnameVerifier should not access session
> --------------------------------------------------
>                 Key: HTTPCLIENT-1302
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1302
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.2.3
>            Reporter: Philippe Mouawad
>             Fix For: 4.2.4
> Hello,
> We are facing a bug in JMeter:
> - https://issues.apache.org/bugzilla/show_bug.cgi?id=54449
> Analyzing code, I noticed AllowAllHostnameVerifier ends up calling AbstractVerifier#verify(String
host, SSLSocket ssl) which does more job than it should for AllowAllHostname policy

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message