Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Duplicate
-
4.4.1
-
OS X with Java 1.8.0_25, Linux with OpenJDK 1.7.0_51
Description
Hi,
Just downloaded
And patched client to replace the HttpGet variable :
HttpGet httpget = new HttpGet("https://raw.githubusercontent.com/test");
From the first example :
https://hc.apache.org/httpcomponents-client-ga/httpclient/examples/org/apache/http/examples/client/ClientWithResponseHandler.java
Compiled it with :
javac -cp .:httpcomponents-client-4.4.1/lib/httpclient-4.4.1.jar:httpcomponents-core-4.4.1/lib/httpcore-4.4.1.jar ClientWithResponseHandler.java
Run it and get error :
java -cp .:./httpcomponents-client-4.4.1/lib/httpclient-4.4.1.jar:./httpcomponents-core-4.4.1/lib/httpcore-4.4.1.jar:./httpcomponents-client-4.4.1/lib/commons-logging-1.2.jar ClientWithResponseHandler Executing request GET https://raw.githubusercontent.com/test HTTP/1.1 Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: Host name 'raw.githubusercontent.com' does not match the certificate subject provided by the peer (CN=www.github.com, O="Fastly, Inc.", ST=California, L=San Francisco, C=US) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:220) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:164) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:139) at ClientWithResponseHandler.main(ClientWithResponseHandler.java:69)
Of course, access to https://raw.githubusercontent.com/test works in Chrome 40 and Firefox 37. The certificate has many hosts :
Non critique Nom DNS: www.github.com Nom DNS: github.com Nom DNS: *.github.com Nom DNS: *.github.io Nom DNS: github.io Nom DNS: *.githubusercontent.com Nom DNS: githubusercontent.com
Maybe some few unit tests might be added to https://github.com/apache/httpclient/blob/a0b31445afb3da5aa91822535ab23f5713162a5e/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
Attachments
Issue Links
- duplicates
-
HTTPCLIENT-1613 Support for so called 'private' domains in Mozilla Public Suffix List
-
- Closed
-