hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Vasileff (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1119) Server Name Indication (SNI) Support
Date Fri, 15 Feb 2013 15:33:14 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13579247#comment-13579247

John Vasileff commented on HTTPCLIENT-1119:

Oleg, thanks, it's good to know that there is an easy work around for developers using the

But that doesn't really help users of all of the apps that use the library. It is unrealistic,
even for a developer, to patch or run custom builds of all apps that use HttpClient.

I'm sure developers of the numerous apps using HttpClient are mostly not aware of SNI issues.
Even for the ones that are, requiring Java 7 or including a bit of ugliness and the work involved
is being pushed down to thousands of apps rather than being addressed in one place.

If this affects a fair number of Android apps, I'd have to agree with Josef that this is a
huge issue. In my quick research after trying to deploy some internal SNI https sites, it
seems most major platforms newer than Windows XP support SNI today. IP addresses are harder
and harder to come by, and it sure would be nice to be able to use SNI.


p.s. - I came across this issue when trying to deploy a maven repository behind SNI/https.
> Server Name Indication (SNI) Support
> ------------------------------------
>                 Key: HTTPCLIENT-1119
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1119
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpClient
>            Reporter: Gus Power
>              Labels: sni, ssl, tls, vhost
>             Fix For: Future
>         Attachments: HTTPCLIENT-1119-support-SNI-on-Java-7-via-setHost-of.patch
> Provide support for Server Name Indication (SNI) support as per RFC 3546 (section 3.1).
> Currently attempting to connect to SNI enabled host 'expectedhost' over SSL using http
client results in an SSLException similar to:
> javax.net.ssl.SSLException: hostname in certificate didn't match: <expectedhost>
!= <defaulthost>
>   at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
> We use SNI on some of our environments and were trying to use httpclient to automatically
test host access and availability.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message