hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard Bergoin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1642) Issue with github SSL certificate
Date Tue, 21 Apr 2015 20:08:59 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1642?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14505650#comment-14505650
] 

Richard Bergoin commented on HTTPCLIENT-1642:
---------------------------------------------

Note : I discovered this issue after some patch to gradle (https://issues.gradle.org/browse/GRADLE-3250)
to update HttpClient to 4.4.1 into it.
Then gradle tries to get some dependencies using maven, and tries (unsuccessfully) to connect
to https://raw.githubusercontent.com/repo/maven/....


> Issue with github SSL certificate
> ---------------------------------
>
>                 Key: HTTPCLIENT-1642
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1642
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.4.1
>         Environment: OS X with Java 1.8.0_25, Linux with OpenJDK 1.7.0_51
>            Reporter: Richard Bergoin
>            Priority: Critical
>              Labels: SSL, SSLSocketFactory
>
> Hi,
> Just downloaded 
> And patched client to replace the HttpGet variable : 
> {code}
> HttpGet httpget = new HttpGet("https://raw.githubusercontent.com/test");
> {code}
> From the first example :
> https://hc.apache.org/httpcomponents-client-ga/httpclient/examples/org/apache/http/examples/client/ClientWithResponseHandler.java
> Compiled it with : 
> {code}
> javac -cp .:httpcomponents-client-4.4.1/lib/httpclient-4.4.1.jar:httpcomponents-core-4.4.1/lib/httpcore-4.4.1.jar
ClientWithResponseHandler.java
> {code}
> Run it and get error : 
> {code}
>  java  -cp .:./httpcomponents-client-4.4.1/lib/httpclient-4.4.1.jar:./httpcomponents-core-4.4.1/lib/httpcore-4.4.1.jar:./httpcomponents-client-4.4.1/lib/commons-logging-1.2.jar
ClientWithResponseHandler
> Executing request GET https://raw.githubusercontent.com/test HTTP/1.1
> Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: Host name 'raw.githubusercontent.com'
does not match the certificate subject provided by the peer (CN=www.github.com, O="Fastly,
Inc.", ST=California, L=San Francisco, C=US)
> 	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465)
> 	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
> 	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
> 	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
> 	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
> 	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
> 	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
> 	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
> 	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
> 	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
> 	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
> 	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71)
> 	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:220)
> 	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:164)
> 	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:139)
> 	at ClientWithResponseHandler.main(ClientWithResponseHandler.java:69)
> {code}
> Of course, access to https://raw.githubusercontent.com/test works in Chrome 40 and Firefox
37. The certificate has many hosts :
> {code}
> Non critique
> Nom DNS: www.github.com
> Nom DNS: github.com
> Nom DNS: *.github.com
> Nom DNS: *.github.io
> Nom DNS: github.io
> Nom DNS: *.githubusercontent.com
> Nom DNS: githubusercontent.com
> {code}
> Maybe some few unit tests might be added to https://github.com/apache/httpclient/blob/a0b31445afb3da5aa91822535ab23f5713162a5e/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message