Apache
/
httpcomponents-client
mirror of https://github.com/apache/httpcomponents-client.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HTTPCLIENT-1255: AbstractVerifier incorrectly parses certificate CN containing wildcard 

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1406217 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Oleg Kalnichevski 2012-11-06 16:49:49 +00:00
parent 44f798c9bf
commit b930227f90
3 changed files with 21 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
RELEASE_NOTES.txt
View File

@ -1,7 +1,10 @@
Changes since 4.2.1
Changes in trunk
-------------------
* [HTTPCLIENT-1248]: Default and lax redirect strategies should not convert requests redirected
* [HTTPCLIENT-1255] AbstractVerifier incorrectly parses certificate CN containing wildcard
Contributed by Oleg Kalnichevski <olegk at apache.org>
* [HTTPCLIENT-1248] Default and lax redirect strategies should not convert requests redirected
with 307 status to GET method.
Contributed by Oleg Kalnichevski <olegk at apache.org>

11
httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
View File

@ -43,8 +43,6 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.StringTokenizer;
import java.util.logging.Logger;
import java.util.logging.Level;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
@ -204,9 +202,10 @@ public abstract class AbstractVerifier implements X509HostnameVerifier {
!isIPAddress(host);
if(doWildcard) {
if (parts[0].length() > 1) { // e.g. server*
String prefix = parts[0].substring(0, parts.length-2); // e.g. server
String suffix = cn.substring(parts[0].length()); // skip wildcard part from cn
String firstpart = parts[0];
if (firstpart.length() > 1) { // e.g. server*
String prefix = firstpart.substring(0, firstpart.length() - 1); // e.g. server
String suffix = cn.substring(firstpart.length()); // skip wildcard part from cn
String hostSuffix = hostName.substring(prefix.length()); // skip wildcard part from host
match = hostName.startsWith(prefix) && hostSuffix.endsWith(suffix);
} else {
@ -302,8 +301,6 @@ public abstract class AbstractVerifier implements X509HostnameVerifier {
c = cert.getSubjectAlternativeNames();
}
catch(CertificateParsingException cpe) {
Logger.getLogger(AbstractVerifier.class.getName())
.log(Level.FINE, "Error parsing certificate.", cpe);
}
if(c != null) {
for (List<?> aC : c) {

13
httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java
View File

@ -300,7 +300,7 @@ public class TestHostnameVerifier {
}
@Test
public void HTTPCLIENT_1097() {
public void testHTTPCLIENT_1097() {
String cns[];
String alt[] = {};
X509HostnameVerifier bhv = new BrowserCompatHostnameVerifier();
@ -318,6 +318,17 @@ public class TestHostnameVerifier {
checkWildcard("s*.gouv.uk", false); // 2 character TLD, invalid 2TLD
}
@Test
public void testHTTPCLIENT_1255() {
X509HostnameVerifier bhv = new BrowserCompatHostnameVerifier();
X509HostnameVerifier shv = new StrictHostnameVerifier();
String cns[] = new String []{"m*.a.b.c.com"}; // component part
String alt[] = {};
checkMatching(bhv, "mail.a.b.c.com", cns, alt, false); // OK
checkMatching(shv, "mail.a.b.c.com", cns, alt, false); // OK
}
// Helper
private void checkWildcard(String host, boolean isOK) {
Assert.assertTrue(host+" should be "+isOK, isOK==AbstractVerifier.acceptableCountryWildcard(host));