ok2c commented on PR #647: URL: https://github.com/apache/httpcomponents-client/pull/647#issuecomment-2959497553
@rschmitt Apparently the RFC that specifies the expected client behavior is [6125](https://www.rfc-editor.org/rfc/rfc6125#section-6.4.3). It does not explicitly mention the PSL but it is not a stretch to suggest that clients are expected to take public suffices into account when checking wildcards in certificates. The best course of action would not have to do the hostname verification at all. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org
