hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hassan Khan <hassankhan...@gmail.com>
Subject Re: Upgrading from Httpclient 3.1 to 4.5 - localhost:443 not responding
Date Thu, 18 May 2017 11:41:35 GMT
You are right..  Thanks.. It was kinda of a wrong question to ask ...

On Thu, May 18, 2017 at 3:35 AM, Oleg Kalnichevski <olegk@apache.org> wrote:

> On Wed, 2017-05-17 at 12:55 -0400, Hassan Khan wrote:
> > Thank oleg for the tip..
> >
> > I did not change the connector till now.. but with APR itself I
> > starting
> > using the prod CA certificate that our company has... instead of the
> > self
> > signed certificate...
> >
> > With httpClient 3.1 all communication work fine.
> >
>
> As I have already explained earlier. HC 3.x does _not_ do any hostname
> validation. It just does not.
>
> > But when I upgraded prod to use the new code having httpclient
> > 4.5.... I
> > get this exception in SSL handshake...
> >     Certificate for XVT doesn't match any of the subject alternative
> > names:
> > ABC, GFD]
> >
> > So looks like I need to turn off the hostname verification in the
> > code or
> > update the Com[any certificate to have CN populated with the values.
> >
>
> No, you should rather make sure that the hostname and the cert
> presented by the server match.
>
>
> > I wanted to know what brought the need to have CN in every
> > Certificate
> > populated gong forward?
> >
>
> Eh, like, CN being mandatory for a cert, should be a good reason,
> should it not?
>
> Oleg
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>


-- 
Hassan Khan

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message