Return-Path: 
 <dev-return-28894-apmail-hc-dev-archive=hc.apache.org@hc.apache.org>
X-Original-To: apmail-hc-dev-archive@www.apache.org
Delivered-To: apmail-hc-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 7F16B10471
	for <apmail-hc-dev-archive@www.apache.org>;
 Thu,  3 Oct 2013 11:43:52 +0000 (UTC)
Received: (qmail 33475 invoked by uid 500); 3 Oct 2013 11:43:52 -0000
Delivered-To: apmail-hc-dev-archive@hc.apache.org
Received: (qmail 33253 invoked by uid 500); 3 Oct 2013 11:43:46 -0000
Mailing-List: contact dev-help@hc.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@hc.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@hc.apache.org>
List-Post: <mailto:dev@hc.apache.org>
List-Id: <dev.hc.apache.org>
Reply-To: "HttpComponents Project" <dev@hc.apache.org>
Delivered-To: mailing list dev@hc.apache.org
Received: (qmail 33231 invoked by uid 99); 3 Oct 2013 11:43:43 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 03 Oct 2013 11:43:43 +0000
Date: Thu, 3 Oct 2013 11:43:43 +0000 (UTC)
From: "Sidney Beekhoven (JIRA)" <jira@apache.org>
To: dev@hc.apache.org
Message-ID: <JIRA.12671824.1380718979919.6381.1380800623449@arcas>
In-Reply-To: <JIRA.12671824.1380718979919@arcas>
References: <JIRA.12671824.1380718979919@arcas>
Subject: [jira] [Commented] (HTTPCLIENT-1410)
 AbstractVerifier.acceptableCountryWildcard check not strict enough
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13785022#comment-13785022 ] 

Sidney Beekhoven commented on HTTPCLIENT-1410:
----------------------------------------------

Thanks for the fix, it works now with the BrowserCompatHostnameVerifier.

> AbstractVerifier.acceptableCountryWildcard check not strict enough
> ------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1410
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1410
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpClient
>    Affects Versions: 4.3 Final
>            Reporter: Sidney Beekhoven
>            Priority: Minor
>             Fix For: 4.3.1
>
>
> I work at a company called info.nl in the Netherlands, so our domain is info.nl. We have a wildcard certificate in use for several services, *.info.nl.
> The AbstractVerifier has a method acceptableCountryWildcard which checks that you don't use eg *.co.uk as the wildcard in the certificate. The second to last domain part is checked against a fixed list, which includes info so our wildcard is not accepted.
> Apparantly there are some countries where info.<countrycode> is seen as a top level domain but that is not the case for the netherlands. So the check on this is not strict enough and should also take into account the top level domain.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org