Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2071

HTTPS client accepts certificates with wrong host

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Major
    • None
    • 2.2.14.Final
    • Core
    • None
    • Hide

      Create an Undertow client, and connect to https://wrong.host.badssl.com/ and retrieve its main page with default SSL settings. It should fail, but it succeeds.

      Show
      Create an Undertow client, and connect to https://wrong.host.badssl.com/ and retrieve its main page with default SSL settings. It should fail, but it succeeds.

    Description

      Using the Undertow HTTPS client to connect to a server with an SSL certificate that does not match the server's host, succeeds even though it shouldn't.

      Attachments

        1. screenshot.png
          357 kB
          Richard Opalka

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-1260 client cert missing during SSL handshake closes connection without SSL error

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Resolved

          Activity

            People

              ropalka Richard Opalka
              somni451 new acct (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: