Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1792

Improve the error message when hostname verification fails

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 4.4.1, 4.5.2
    • 4.5.3, 5.0 Alpha2
    • HttpClient (classic)
    • None

    Description

      When hostname verification fails org.apache.http.conn.ssl.SSLConnectionSocketFactory will throw a SSLPeerUnverifiedException with a message like this:

      Host name 'FOO' does not match the certificate subject provided by the peer (CN=BAR)

      Expected:
      Including the subject alternative names, rather than the CN, in the message would be a lot more helpful when troubleshooting (and probably more correct since the use of CN matching is deprecated through RFC 2818).

      Attachments

        Activity

          People

            Unassigned Unassigned
            jens.borgland Jens Borgland
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: