hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: DefaultHostnameVerifier for private domains
Date Mon, 20 Jan 2020 12:52:13 GMT
On Mon, 2020-01-20 at 11:49 +0000, Daniel wrote:
> Hi folks 👋
> 
> I believe the recent change to
> https://github.com/apache/httpcomponents-client/pull/198 broke
> validation
> for private domains.
> The domain type is now forced to ICANN. In my scenario this causes a
> valid
> cert check for foo.bar to fail because bar is not part of the
> PublicSuffixMatcher rules forcing the getDomainRoot to return a null
> object
> and thus failing validation in the matchDomainRoot method.

Could you please provide us with the exact domain name, the cert CN and
alternative subject names, or better yet add a test case that passes
with 4.5.10 and fails with 4.5.11?

https://github.com/apache/httpcomponents-client/blob/4.5.x/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message