hc-httpclient-users mailing list archives

From Hassan Khan <hassankhan...@gmail.com>
Subject Re: Upgrading from Httpclient 3.1 to 4.5 - localhost:443 not responding
Date Wed, 17 May 2017 16:55:15 GMT
Thanks Oleg for the tip.

I did not change the connector till now, but with APR itself I started
using the prod CA certificate that our company has, instead of the
self-signed certificate.

With httpClient 3.1 all communication works fine.

But when I upgraded prod to use the new code having httpclient 4.5.... I
get this exception in SSL handshake...
    Certificate for XVT doesn't match any of the subject alternative names:
ABC, GFD]

So it looks like I need to turn off the hostname verification in the code or
update the company certificate to have CN populated with the values.

I wanted to know what brought the need to have CN in every certificate
populated going forward?

Thanks
Hassan


On Sat, May 6, 2017 at 4:37 AM, Oleg Kalnichevski <olegk@apache.org> wrote:

> On Fri, 2017-05-05 at 09:49 -0400, Hassan Khan wrote:
> > Hi,
> >
> > Finally I could solve the issue... the problem was using NIO
> > connector with
> > httpclient 4.5
> >
> > once I changed the connector to APR the problem went away.
> > The right setting is:
> >         <Connector
> > protocol="org.apache.coyote.http11.Http11AprProtocol"
> > port="443" clientAuth="false" sslProtocol="TLS"
> > SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
> > SSLCertificateFile="ABC.crt"
> > SSLCertificateKeyFile="TRE.key"
> >     SSLEngine="on" SSLVerifyDepth="2"
> >    />
> >
> > Still do not understand how httpclient 3.1 would work with Nio
> > connector
> > properly.
> >
>
> httpclient 3.1 does not perform hostname verification of any kind. I
> strongly suspect that if you disable hostname verification in
> httpclient 4.x it should work with the NIO connector as well.
>
> Oleg


-- 
Hassan Khan
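
The check behind the handshake error in this thread, as an added example that is not part of the original messages and is not HttpClient's own code: a simplified model of RFC 2818 hostname matching in which the subject CN is consulted only when the certificate has no DNS subject alternative names. The class and method names are hypothetical, and the inputs are constructed from the placeholder names in the error message.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

// Added example: simplified model of RFC 2818 hostname checking (hypothetical names).
public class SanCheck {

    // Compare one certificate name with the requested host, case-insensitively.
    // A wildcard is honoured only as the entire left-most label ("*.example.test")
    // and covers exactly one label.
    static boolean nameMatches(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return h.equals(p);
        }
        String suffix = p.substring(1); // ".example.test"
        int firstDot = h.indexOf('.');
        return firstDot > 0 && h.substring(firstDot).equals(suffix);
    }

    // If the certificate carries DNS SAN entries, only those are checked.
    // The subject CN is a fallback for certificates that have none.
    static boolean hostMatchesCertificate(String host, List<String> dnsSans, String subjectCn) {
        if (!dnsSans.isEmpty()) {
            return dnsSans.stream().anyMatch(san -> nameMatches(host, san));
        }
        return subjectCn != null && nameMatches(host, subjectCn);
    }

    public static void main(String[] args) {
        // Constructed inputs: host and SAN names taken from the error text above.
        List<String> sans = Arrays.asList("ABC", "GFD");
        List<String> noSans = Collections.emptyList();

        // Host absent from the SAN list: rejected even though the CN equals the host.
        System.out.println("XVT vs SAN [ABC, GFD], CN=XVT: "
                + hostMatchesCertificate("XVT", sans, "XVT"));
        // Host present in the SAN list: accepted, whatever the CN says.
        System.out.println("ABC vs SAN [ABC, GFD], CN=XVT: "
                + hostMatchesCertificate("ABC", sans, "XVT"));
        // Certificate without SANs: the CN is used as the fallback.
        System.out.println("XVT vs no SAN, CN=XVT: "
                + hostMatchesCertificate("XVT", noSans, "XVT"));
    }
}
```

Under this model, a certificate reissued with the connecting host name added to its SAN list passes the check without disabling hostname verification in the client.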
