Farzad Kohantorabi created HTTPCLIENT-2058:
----------------------------------------------
Summary: DefaultHostnameVerifier does not verify local DNS names
Key: HTTPCLIENT-2058
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2058
Project: HttpComponents HttpClient
Issue Type: Bug
Affects Versions: 4.5.11
Reporter: Farzad Kohantorabi
This seems to be a problem that was introduced in 4.5.11. DefaultHostnameVerifier
does not verify local DNS names against certs anymore and throws the following
error for one of our certs. The same code works fine in 4.5.10.
{code:java}
Certificate for <app-uat.le.dp.xyz.local> doesn't match any of the subject
alternative names: [app-uat.le.dp.xyz.local, C1234.LE.DP.XYZ.LOCAL] executing
POST https://app-uat.le.dp.xyz.local:8443/someurl
{code}
I traced the issue down to
org.apache.http.conn.ssl.DefaultHostnameVerifier#matchIdentity line 204 where
publicSuffixMatcher.getDomainRoot(identity, domainType) returns null for
app-uat.le.dp.xyz.local, whereas in version 4.5.10 it returns "local".