hc-dev mailing list archives

From "Sidney Beekhoven (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPCLIENT-1407) AbstractVerfifier.acceptableCountryWildcard not strict enough
Date Wed, 02 Oct 2013 13:00:24 GMT
Sidney Beekhoven created HTTPCLIENT-1407:

             Summary: AbstractVerfifier.acceptableCountryWildcard not strict enough
                 Key: HTTPCLIENT-1407
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1407
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.3 Final
            Reporter: Sidney Beekhoven

I work at a company called info.nl in the Netherlands, so our domain is info.nl. We have a
wildcard certificate in use for several services, *.info.nl.

The AbstractVerifier has a method acceptableCountryWildcard which checks that you don't use
e.g. *.co.uk as the wildcard in the certificate. The second to last domain part is checked against
a fixed list, which includes info so our wildcard is not accepted.

Apparently there are some countries where info.<countrycode> is seen as a top level
domain but that is not the case for the Netherlands. So the check on this is not strict enough
and should also take into account the top level domain.

This message was sent by Atlassian JIRA

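The difference between the check described in the report and one that also looks at the top level domain, as an added example that is not HttpClient's code or the reporter's. The class and method names, the guard for the three-label form, and both lists are assumptions: the report only confirms that "info" is on the real list, "co.uk" is its own example, and "zz" is a placeholder country code.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

public class CountryWildcardCheck {
    // Constructed sample of second-level labels (hypothetical list, not the project's).
    static final Set<String> SECOND_LEVEL_LABELS =
            new HashSet<>(Arrays.asList("co", "info"));

    // Constructed sample of full registry suffixes; "info.zz" is a placeholder entry.
    static final Set<String> REGISTRY_SUFFIXES =
            new HashSet<>(Arrays.asList("co.uk", "info.zz"));

    // True when the name has the shape *.<label>.<two-letter country code>.
    static boolean isCountryWildcard(String[] parts) {
        return parts.length == 3 && parts[0].equals("*") && parts[2].length() == 2;
    }

    // Model of the reported behaviour: only the second to last label is
    // compared against the list, whatever the country code is.
    static boolean acceptableByLabelOnly(String cn) {
        String[] parts = cn.toLowerCase(Locale.ROOT).split("\\.");
        if (!isCountryWildcard(parts)) {
            return true; // the country rule does not apply to this name
        }
        return !SECOND_LEVEL_LABELS.contains(parts[1]);
    }

    // Stricter variant: the label and the country code are matched together,
    // so "info" is only refused under a country code that uses it as a registry.
    static boolean acceptableBySuffix(String cn) {
        String[] parts = cn.toLowerCase(Locale.ROOT).split("\\.");
        if (!isCountryWildcard(parts)) {
            return true;
        }
        return !REGISTRY_SUFFIXES.contains(parts[1] + "." + parts[2]);
    }

    public static void main(String[] args) {
        // Constructed inputs: the reporter's wildcard, the page's bad example,
        // and a placeholder registry suffix.
        for (String cn : new String[] {"*.info.nl", "*.co.uk", "*.info.zz"}) {
            System.out.printf("%-10s labelOnly=%-5b suffix=%b%n",
                    cn, acceptableByLabelOnly(cn), acceptableBySuffix(cn));
        }
    }
}
```

Both variants refuse `*.co.uk` and `*.info.zz`; only the label-only check refuses `*.info.nl`, which is the false rejection the report describes.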