Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 3.7.0.Final, 4.1.0.Final
Affects Version/s: 4.0.0.Beta7, 3.6.3.Final
Component/s: None
Labels:
None

HostnameVerificationPolicy.STRICT accepts wildcard certificates. Actually, it has exact same effect as HostnameVerificationPolicy.WILDCARD, because of this

switch (that.getHostnameVerification())
         {
            case ANY:
               verifier = new NoopHostnameVerifier();
               break;
            case WILDCARD:
               verifier = new DefaultHostnameVerifier();
               break;
            case STRICT:
               verifier = new DefaultHostnameVerifier();
               break;
          }

There should be different verifiers used in case of WILDCARD and STRICT.

See my test. Server is secured with wildcard certificate for hostname "*host" (wildcard for localhost) and HostnameVerificationPolicy.STRICT is used. Exception should be thrown but it isn't.

is related to

RESTEASY-1404 RESTEasy should have tests for SSL with WildFly

Resolved

Assignee:: Jim Ma

Reporter:: Tomas Terem (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2019/03/01 10:24 AM

Updated:: 2021/10/24 5:41 AM

Resolved:: 2019/05/12 3:28 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates