[
https://issues.apache.org/jira/browse/HTTPCLIENT-2280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yannick Dylla closed HTTPCLIENT-2280.
-------------------------------------
Resolution: Invalid
> HostnameVerifier does not support using IP address in CN
> --------------------------------------------------------
>
> Key: HTTPCLIENT-2280
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2280
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Affects Versions: 5.0.4
> Reporter: Yannick Dylla
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Hi,
> we are migrating from the 4.x client to 5.x and noticed that the behavior of
> the DefaultHostnameVerifier changed. Since HTTPCLIENT-2149
> https://github.com/apache/httpcomponents-client/pull/302 the HostnameVerifier
> does no longer accept certificates with an ip address in its CN and with no
> subject alts. Verification fails with "Certificate for <127.0.0.1> doesn't
> match any of the subject alternative names: []".
> I know using ip addresses in the CN is not really recommended or good
> practice, but I also see no reason to not use the `matchCN` fallback in this
> case. The functionality was probably just removed by accident with
> HTTPCLIENT-2149.
> I will open A github PR with my proposed solution once I know the number of
> this issue :)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org
