From 19e029924f00594f5143711673ec9b24fd1c48fb Mon Sep 17 00:00:00 2001
From: Oleg Kalnichevski <olegk@apache.org>
Date: Thu, 11 Oct 2007 09:19:45 +0000
Subject: [PATCH] HTTPCLIENT-617: Hostname verification: turn off wildcards
 when CN is an IP address

Contributed by Julius Davies <juliusdavies at gmail.com>
Reviewed by Oleg Kalnichevski


git-svn-id: https://svn.apache.org/repos/asf/jakarta/httpcomponents/httpclient/trunk@583749 13f79535-47bb-0310-9956-ffa450edef68
---
 .../main/java/org/apache/http/conn/ssl/AbstractVerifier.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/module-client/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java b/module-client/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
index 84d0f9a4c..faf9657e9 100644
--- a/module-client/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
+++ b/module-client/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
@@ -31,6 +31,8 @@
 
 package org.apache.http.conn.ssl;
 
+import org.apache.http.conn.util.InetAddressUtils;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.cert.Certificate;
@@ -195,7 +197,8 @@ public abstract class AbstractVerifier implements HostnameVerifier {
             // [*.org.uk], etc...
             boolean doWildcard = cn.startsWith("*.") &&
                                  cn.lastIndexOf('.') >= 0 &&
-                                 acceptableCountryWildcard(cn);
+                                 acceptableCountryWildcard(cn) &&
+                                 !InetAddressUtils.isIPv4Address(host);
 
             if(doWildcard) {
                 match = hostName.endsWith(cn.substring(1));