Apache
/
httpcomponents-client
mirror of https://github.com/apache/httpcomponents-client.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HTTPCLIENT-1744: normalize hostname and certificate CN when matching to CN 

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/branches/4.5.x@1745908 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Oleg Kalnichevski 2016-05-28 17:01:12 +00:00
parent cbf517ace6
commit 951d6d1bfd
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
View File

@ -176,7 +176,9 @@ public final class DefaultHostnameVerifier implements HostnameVerifier {
static void matchCN(final String host, final String cn, static void matchCN(final String host, final String cn,
final PublicSuffixMatcher publicSuffixMatcher) throws SSLException { final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
if (!matchIdentityStrict(host, cn, publicSuffixMatcher)) { final String normalizedHost = host.toLowerCase(Locale.ROOT);
final String normalizedCn = cn.toLowerCase(Locale.ROOT);
if (!matchIdentityStrict(normalizedHost, normalizedCn, publicSuffixMatcher)) {
throw new SSLException("Certificate for <" + host + "> doesn't match " + throw new SSLException("Certificate for <" + host + "> doesn't match " +
"common name of the certificate subject: " + cn); "common name of the certificate subject: " + cn);
} }