[HTTPCLIENT-2247] SSLPeerUnverifiedException on matching wildcard certificate (US20 amazon) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Invalid
Affects Version/s: 4.5.13
Fix Version/s: None
Component/s: HttpClient (classic)
Labels:
None

Description

In version 4.5.13, the following code piece will throw SSLPeerUnverifiedException. If the host change to "ec2.us-east-1.compute-1.amazonaws.com" and DNS change to "*.us-east-1.compute-1.amazonaws.com", then the exception is gone.

List<SubjectName> subjectAlts = new ArrayList<>();
PublicSuffixMatcher publicSuffixMatcher = PublicSuffixMatcherLoader.getDefault();

// assume a certificate with multiple SANs, some of which might contain wildcards
String host = "ec2.compute-1.amazonaws.com";
subjectAlts.add(SubjectName.DNS("*.compute-1.amazonaws.com"));
try {     
DefaultHostnameVerifier.matchDNSName(host, subjectAlts, publicSuffixMatcher);
}
catch (Exception e) {
    System.out.println(e);
}

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: fan2

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11/Nov/22 09:26

Updated:: 14/Nov/22 10:44

Resolved:: 12/Nov/22 16:00