[jira] [Commented] (HTTPCLIENT-2302) Examples ClientCustomSSL and AsyncClientCustomSSL are misleading and insecure

[ https://issues.apache.org/jira/browse/HTTPCLIENT-2302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17770929#comment-17770929 ] Oleg Kalnichevski commented on HTTPCLIENT-2302: --- >  So anyone could ha

[GitHub] [httpcomponents-core] arturobernalg commented on a diff in pull request #437: HTTPCORE-756: replace CR, LF, NULL in header values with SP per RFC 9110 section 5.5

arturobernalg commented on code in PR #437: URL: https://github.com/apache/httpcomponents-core/pull/437#discussion_r1342183980 ## httpcore5/src/main/java/org/apache/hc/core5/http/message/BufferedHeader.java: ## @@ -110,7 +113,27 @@ public String getName() { @Override

[GitHub] [httpcomponents-core] arturobernalg commented on a diff in pull request #437: HTTPCORE-756: replace CR, LF, NULL in header values with SP per RFC 9110 section 5.5

arturobernalg commented on code in PR #437: URL: https://github.com/apache/httpcomponents-core/pull/437#discussion_r1342183980 ## httpcore5/src/main/java/org/apache/hc/core5/http/message/BufferedHeader.java: ## @@ -110,7 +113,27 @@ public String getName() { @Override

[GitHub] [httpcomponents-core] arturobernalg commented on a diff in pull request #437: HTTPCORE-756: replace CR, LF, NULL in header values with SP per RFC 9110 section 5.5

arturobernalg commented on code in PR #437: URL: https://github.com/apache/httpcomponents-core/pull/437#discussion_r1342183980 ## httpcore5/src/main/java/org/apache/hc/core5/http/message/BufferedHeader.java: ## @@ -110,7 +113,27 @@ public String getName() { @Override

[GitHub] [httpcomponents-core] arturobernalg commented on a diff in pull request #437: HTTPCORE-756: replace CR, LF, NULL in header values with SP per RFC 9110 section 5.5

arturobernalg commented on code in PR #437: URL: https://github.com/apache/httpcomponents-core/pull/437#discussion_r1342183980 ## httpcore5/src/main/java/org/apache/hc/core5/http/message/BufferedHeader.java: ## @@ -110,7 +113,27 @@ public String getName() { @Override

[jira] [Commented] (HTTPCLIENT-2302) Examples ClientCustomSSL and AsyncClientCustomSSL are misleading and insecure

[ https://issues.apache.org/jira/browse/HTTPCLIENT-2302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17770922#comment-17770922 ] Marcono1234 commented on HTTPCLIENT-2302: - {quote} do _NOT_ disable the host

[GitHub] [httpcomponents-core] Marcono1234 opened a new pull request, #438: Add security warning to TrustStrategy documentation

Marcono1234 opened a new pull request, #438: URL: https://github.com/apache/httpcomponents-core/pull/438 This tries to make the security aspects of `TrustStrategy` clearer and suggest that it might not be needed when self-signed certificates are used. Relates to #490 Any feedba

[GitHub] [httpcomponents-client] Marcono1234 opened a new pull request, #490: Add security warning to TrustStrategy implementations documentation

Marcono1234 opened a new pull request, #490: URL: https://github.com/apache/httpcomponents-client/pull/490 Tries to improve the documentation of `TrustAllStrategy` and `TrustSelfSignedStrategy` by mentioning their security implications and suggesting more secure alternatives. For `Tr

[GitHub] [httpcomponents-core] ok2c commented on pull request #437: HTTPCORE-756: replace CR, LF, NULL in header values with SP per RFC 9110 section 5.5

ok2c commented on PR #437: URL: https://github.com/apache/httpcomponents-core/pull/437#issuecomment-1742080946 @arturobernalg Please take a look. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to

[GitHub] [httpcomponents-core] ok2c opened a new pull request, #437: HTTPCORE-756: replace CR, LF, NULL in header values with SP per RFC 9110 section 5.5

ok2c opened a new pull request, #437: URL: https://github.com/apache/httpcomponents-core/pull/437 (no comment) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscrib

[jira] [Resolved] (HTTPCLIENT-2298) Requests reported as pending longer than expected

[ https://issues.apache.org/jira/browse/HTTPCLIENT-2298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oleg Kalnichevski resolved HTTPCLIENT-2298. --- Fix Version/s: 5.2.2 5.3-alpha2 Resolution: Fix

[jira] [Commented] (HTTPCLIENT-2302) Examples ClientCustomSSL and AsyncClientCustomSSL are misleading and insecure

[ https://issues.apache.org/jira/browse/HTTPCLIENT-2302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17770860#comment-17770860 ] Oleg Kalnichevski commented on HTTPCLIENT-2302: --- [~Marcono1234] By the

[jira] [Updated] (HTTPCLIENT-2302) Examples ClientCustomSSL and AsyncClientCustomSSL are misleading and insecure

[ https://issues.apache.org/jira/browse/HTTPCLIENT-2302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Osipov updated HTTPCLIENT-2302: --- Description: The examples [ClientCustomSSL|https://github.com/apache/httpcompon

[jira] [Updated] (HTTPCLIENT-2302) Examples ClientCustomSSL and AsyncClientCustomSSL are misleading and insecure

[ https://issues.apache.org/jira/browse/HTTPCLIENT-2302?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oleg Kalnichevski updated HTTPCLIENT-2302: -- Description: {+}{+}The examples [ClientCustomSSL|https://github.com/apach

[jira] [Commented] (HTTPCLIENT-2302) Examples ClientCustomSSL and AsyncClientCustomSSL are misleading and insecure

[ https://issues.apache.org/jira/browse/HTTPCLIENT-2302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17770859#comment-17770859 ] Oleg Kalnichevski commented on HTTPCLIENT-2302: --- [~Marcono1234] These

[jira] [Created] (HTTPCLIENT-2302) Examples ClientCustomSSL and AsyncClientCustomSSL are misleading and insecure

Marcono1234 created HTTPCLIENT-2302: --- Summary: Examples ClientCustomSSL and AsyncClientCustomSSL are misleading and insecure Key: HTTPCLIENT-2302 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2302