Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Duplicate
Priority: Major
Fix Version/s: None
Affects Version/s: 3.0.17.Final
Component/s: None
Labels:
None

Steps to Reproduce:

Hide

See attached test case: mvn clean test

Show
See attached test case: mvn clean test
Workaround:

Workaround Exists
Workaround Description:

Hide

See workaround in ~~RESTEASY-1089~~

Show
See workaround in RESTEASY-1089

Description

We are calling a REST api via HTTPS (api.smallinvoice.com).
The Server does present a valid SSL wildcard certificate for *.smallinvoice.com.

Seems like RestEasy does certificate validation by doing a DNS lookup an taking the hostname from the DNS response.
Problem is: api.smallinvoice.com is a CNAME for some other server (app1.lourenssystems.ch). That other domain does itself present a certificate that is for a third host (www.pingen.com).

IMHO, RestEasy should take the hostname or CNAME from the DNS response that matches the request url (api.smallinvoice.com in this case) and not the first name presented by the DNS server.

Problem seems not seem to be in the underlying Apache httpclient as using httpclient directly does not produce any errors, see attached test case.
(but maybe I'm using that httpclient wrong).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

testcase.tgz
2 kB
2016/06/03 7:03 AM
testcase.tgz
2 kB
2016/06/03 5:32 AM

Issue Links

duplicates

RESTEASY-1089 Server Name Indication (SNI) Support

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Christoph Linder (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2016/06/03 5:32 AM

Updated:: 2016/08/03 12:24 PM

Resolved:: 2016/08/03 12:24 PM