Date: Wed, 2 Oct 2013 16:22:43 +0000 (UTC)
From: "Oleg Kalnichevski (JIRA)"
To: dev@hc.apache.org
Subject: [jira] [Updated] (HTTPCLIENT-1410) AbstractVerifier.acceptableCountryWildcard check not strict enough

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1410?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski updated HTTPCLIENT-1410:
------------------------------------------

      Priority: Minor  (was: Major)
    Issue Type: Improvement  (was: Bug)

Essentially, are you saying that, with the sole exception of the UK, *.co., *.info., etc. should be considered valid wildcards?

All I can suggest here is that we provide an option to restrict the #acceptableCountryWildcard method to .uk domains only. I am not sure enabling it by default would be a good idea, though.

Oleg

> AbstractVerifier.acceptableCountryWildcard check not strict enough
> ------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1410
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1410
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpClient
>    Affects Versions: 4.3 Final
>            Reporter: Sidney Beekhoven
>            Priority: Minor
>
> I work at a company called info.nl in the Netherlands, so our domain is info.nl. We have a wildcard certificate in use for several services, *.info.nl.
> The AbstractVerifier has a method acceptableCountryWildcard which checks that you don't use e.g. *.co.uk as the wildcard in the certificate. The second to last domain part is checked against a fixed list, which includes info so our wildcard is not accepted.
> Apparently there are some countries where info. is seen as a top level domain but that is not the case for the Netherlands. So the check on this is not strict enough and should also take into account the top level domain.
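
The check discussed in this thread, as an added example that is not part of the original message and is not HttpClient's own code: a fixed-list test on the second-to-last label beside a variant that also looks at the country code, as the reporter asks. The class name, both label tables and the `xx` placeholder country code are assumptions constructed for illustration; the page only confirms that the fixed list contains `info`.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class CountryWildcardCheck {
    // Illustrative fixed list of second-level labels (assumption, not the library's list).
    static final Set<String> FIXED_2LDS =
            Set.of("ac", "co", "com", "edu", "gov", "info", "net", "org");

    // Constructed sample: second-level labels that act as public suffixes per country code.
    static final Map<String, Set<String>> REGISTRY_2LDS = Map.of(
            "uk", Set.of("ac", "co", "gov", "org"),
            "nl", Set.<String>of());

    // Behaviour described in the issue: only the second-to-last label is examined.
    static boolean acceptableFixedList(String cn) {
        String[] parts = cn.toLowerCase(Locale.ROOT).split("\\.");
        if (parts.length != 3 || parts[2].length() != 2) {
            return true; // not a wildcard directly below a two-letter country code
        }
        return !FIXED_2LDS.contains(parts[1]);
    }

    // Variant that takes the top-level domain into account.
    static boolean acceptableTldAware(String cn) {
        String[] parts = cn.toLowerCase(Locale.ROOT).split("\\.");
        if (parts.length != 3 || parts[2].length() != 2) {
            return true;
        }
        Set<String> registry = REGISTRY_2LDS.get(parts[2]);
        if (registry == null) {
            // Unknown country code: keep the conservative fixed-list answer
            // rather than silently accepting something like *.co.<cc>.
            return !FIXED_2LDS.contains(parts[1]);
        }
        return !registry.contains(parts[1]);
    }

    public static void main(String[] args) {
        // Constructed certificate names; "xx" stands for a country code missing from the table.
        for (String cn : List.of("*.co.uk", "*.info.nl", "*.example.nl", "*.info.xx")) {
            System.out.printf("%-14s fixedList=%-5b tldAware=%b%n",
                    cn, acceptableFixedList(cn), acceptableTldAware(cn));
        }
    }
}
```

The fixed-list check rejects both `*.co.uk` and `*.info.nl`, while the TLD-aware variant still rejects `*.co.uk` and accepts `*.info.nl`; falling back to the fixed list for unknown country codes keeps the default strict.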