From 951d6d1bfd187c86c01e5d797e86f1aa12f5dae0 Mon Sep 17 00:00:00 2001
From: Oleg Kalnichevski <olegk@apache.org>
Date: Sat, 28 May 2016 17:01:12 +0000
Subject: [PATCH] HTTPCLIENT-1744: normalize hostname and certificate CN when
 matching to CN

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/branches/4.5.x@1745908 13f79535-47bb-0310-9956-ffa450edef68
---
 .../org/apache/http/conn/ssl/DefaultHostnameVerifier.java     | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java b/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
index 360b7b3aa..eb1f65372 100644
--- a/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
+++ b/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
@@ -176,7 +176,9 @@ public final class DefaultHostnameVerifier implements HostnameVerifier {
 
     static void matchCN(final String host, final String cn,
                  final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
-        if (!matchIdentityStrict(host, cn, publicSuffixMatcher)) {
+        final String normalizedHost = host.toLowerCase(Locale.ROOT);
+        final String normalizedCn = cn.toLowerCase(Locale.ROOT);
+        if (!matchIdentityStrict(normalizedHost, normalizedCn, publicSuffixMatcher)) {
             throw new SSLException("Certificate for <" + host + "> doesn't match " +
                     "common name of the certificate subject: " + cn);
         }