Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2071

HTTPS client accepts certificates with wrong host

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • None
    • 2.2.14.Final
    • Core
    • None
    • Hide

      Create an Undertow client, and connect to https://wrong.host.badssl.com/ and retrieve its main page with default SSL settings. It should fail, but it succeeds.

      Show
      Create an Undertow client, and connect to https://wrong.host.badssl.com/ and retrieve its main page with default SSL settings. It should fail, but it succeeds.

      Using the Undertow HTTPS client to connect to a server with an SSL certificate that does not match the server's host, succeeds even though it shouldn't.

        1. screenshot.png
          screenshot.png
          357 kB

              ropalka Richard Opalka
              somni451 new acct (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: