hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1119) Server Name Indication (SNI) Support
Date Wed, 16 Oct 2013 14:33:42 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13796831#comment-13796831
] 

Oleg Kalnichevski commented on HTTPCLIENT-1119:
-----------------------------------------------

InetAddress retains the original hostname it was created with. Oracle is not restricted to
using public APIs. There is nothing that prevents them from obtaining the original hostname
without triggering undesired reverse lookups (which I believe is the rationale given for the
present bizarre behavior) . 

There is a reason for having #createSocket and #connectSocket as separate methods: it enables
HttpClient to unblock #connectSocket operation by shutting down the underlying socket. There
is also reason for using InetAddress to represent the target of an outgoing connection.

Oleg

> Server Name Indication (SNI) Support
> ------------------------------------
>
>                 Key: HTTPCLIENT-1119
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1119
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpClient
>            Reporter: Gus Power
>              Labels: sni, ssl, tls, vhost
>             Fix For: Future
>
>         Attachments: apache_httpclient_4.2.x_sni.patch, HTTPCLIENT-1119-support-SNI-on-Java-7-via-setHost-of.patch
>
>
> Provide support for Server Name Indication (SNI) support as per RFC 3546 (section 3.1).
> Currently attempting to connect to SNI enabled host 'expectedhost' over SSL using http
client results in an SSLException similar to:
> javax.net.ssl.SSLException: hostname in certificate didn't match: <expectedhost>
!= <defaulthost>
>   at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
> We use SNI on some of our environments and were trying to use httpclient to automatically
test host access and availability.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message