hc-httpclient-users mailing list archives

From: "Julius Davies" <juliusdav...@gmail.com>
Subject: Re: SSLException: hostname in certificate didn't match: <gulesider.no> != <*.gulesider.no>
Date: Fri, 08 Feb 2008 00:26:09 GMT

Hi, Bjørn,

HTTPClient is behaving exactly like IE6, IE7, and Firefox here.  If
you tried using those browsers to connect to "https://gulesider.no",
you would get a popup window warning you against the site.

I see that "https://www.gulesider.no" is available and appears to
behave the same as the non-www site.  Consider using that URL instead!

yours,

Julius

ps.  Firefox and HTTPClient both agree the following are all valid
with a *.gulesider.no certificate:

www.gulesider.no
a.gulesider.no
b.gulesider.no
a.b.gulesider.no
a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.z.gulesider.no
a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.a.gulesider.no


IE6 on the other hand only thinks the following are valid:

www.gulesider.no
a.gulesider.no
b.gulesider.no


etc...

But BOTH IE6 and Firefox, and HTTPClient for that matter, agree that
"gulesider.no" is not a valid match against a *.gulesider.no
certificate.

For more information you can check this page out:
http://wiki.cacert.org/wiki/WildcardCertificates


yours,

Julius


On Feb 7, 2008 11:15 AM, Roland Weber <ossfwot@dubioso.net> wrote:
> Hi Bjørn,
>
> by definition, a certificate issued for *.gulesider.no is
> valid for www.gulesider.no and any other host in the domain
> .gulesider.no, but not for a host called gulesider.no which
> is in domain ".no".
> If that is possible, you should contact the server with the
> full hostname, including the "www" or whatever is applicable.
> If that isn't possible, you will have to implement your own
> X509HostnameVerifier (recently renamed in trunk) and call
> SSLSocketFactory.setHostnameVerifier() to install it.
>
> hope that helps,
>   Roland
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>



-- 
yours,

Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/
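
The two wildcard policies compared in the message above, as an added example that is not part of the original thread and is not HttpClient's own code. The class and method names are hypothetical, only the JDK is used, and the host names are the ones from the message.

```java
import java.util.Locale;

// Added illustration (hypothetical names, not HttpClient code): the two
// wildcard-matching policies the message describes for *.gulesider.no.
public class WildcardMatchDemo {

    // Policy the message attributes to Firefox and HTTPClient:
    // "*" may stand for one or more leading labels, never zero.
    static boolean matchesMultiLabel(String host, String pattern) {
        return match(host, pattern, false);
    }

    // Policy the message attributes to IE6: "*" stands for exactly one label.
    static boolean matchesSingleLabel(String host, String pattern) {
        return match(host, pattern, true);
    }

    private static boolean match(String host, String pattern, boolean singleLabel) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return h.equals(p);                  // no wildcard: exact match only
        }
        String suffix = p.substring(1);          // e.g. ".gulesider.no"
        if (!h.endsWith(suffix)) {
            return false;                        // bare "gulesider.no" is rejected here
        }
        String covered = h.substring(0, h.length() - suffix.length());
        String[] labels = covered.split("\\.", -1);
        for (String label : labels) {
            if (label.isEmpty()) {
                return false;                    // "*" never matches an empty label
            }
        }
        return !singleLabel || labels.length == 1;
    }

    public static void main(String[] args) {
        String pattern = "*.gulesider.no";
        // Host names taken from the message.
        String[] hosts = { "gulesider.no", "www.gulesider.no", "a.b.gulesider.no" };
        for (String host : hosts) {
            System.out.printf("%-20s multi-label=%-5b single-label=%b%n", host,
                    matchesMultiLabel(host, pattern), matchesSingleLabel(host, pattern));
        }
    }
}
```

Both policies reject the bare `gulesider.no`; they differ only on hosts such as `a.b.gulesider.no`, where the wildcard would have to span more than one label.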
