/async-http-client

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for #197 -- use a hostname verifier that does hostname verification #510

Merged
merged 3 commits into from Mar 30, 2014
+256 −8

Conversation

Reviewers
No reviews
Assignees

@jfarcand jfarcand

Labels
Projects
None yet
Milestone
  1.9.0
3 participants
@wsargent @jfarcand @slandelle
@wsargent
Contributor

wsargent commented Mar 25, 2014

Fix for #197

See http://kevinlocke.name/bits/2012/10/03/ssl-certificate-verification-in-dispatch-and-asynchttpclient/ and http://tersesystems.com/2014/03/23/fixing-hostname-verification/

New certificates created with:

keytool -genkeypair \
   -keystore keystore.jks \
  -dname "CN=OLEKSIYS-W3T, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US" \
  -keypass changeit \
  -storepass changeit \
  -keyalg RSA \
  -keysize 2048 \
  -alias s1as \
  -ext SAN=DNS:localhost,IP:127.0.0.1 \
  -validity 9999

keytool -delete -alias s1as -storepass changeit -keystore ssltest-cacerts.jks
keytool -delete -alias s1as -storepass changeit -keystore ssltest-keystore.jks

keytool -importkeystore \
  -srckeystore keystore.jks \
  -srcstoretype JKS \
  -srcstorepass changeit \
  -deststoretype JKS \
  -deststorepass changeit \
  -destkeystore ssltest-keystore.jks

keytool -importkeystore \
  -srckeystore keystore.jks \
  -srcstoretype JKS \
  -srcstorepass changeit \
  -deststoretype JKS \
  -deststorepass changeit \
  -destkeystore  ssltest-cacerts.jks

To view the new certificate:

keytool -list -v -alias s1as -storepass changeit -keystore  ssltest-cacerts.jks

jfarcand added a commit that referenced this pull request Mar 30, 2014

@jfarcand
Merge pull request #510 from wsargent/fix-197 
Fix for #197 -- use a hostname verifier that does hostname verification
3c9152e

@jfarcand jfarcand merged commit 3c9152e into AsyncHttpClient:master Mar 30, 2014

@jfarcand

This comment has been minimized.

Sign in to view
Contributor

jfarcand commented Mar 30, 2014

Thanks!!!!

@slandelle slandelle added the Enhancement label Mar 30, 2014

@slandelle slandelle added this to the 2.0.0.Alpha1 milestone Mar 30, 2014

@slandelle slandelle assigned jfarcand Mar 30, 2014

slandelle pushed a commit that referenced this pull request Jul 10, 2014

Stephane Landelle
Use a hostname verifier that does hostname verification, backport #510, 
close #197
a894583

@slandelle slandelle modified the milestones: 1.9.0, 2.0.0.Alpha1 Jul 10, 2014

varyvol added a commit to varyvol/async-http-client that referenced this pull request Nov 13, 2018

Stephane Landelle @varyvol
Use a hostname verifier that does hostname verification, backport Asy… 
…ncHttpClient#510, close AsyncHttpClient#197
c8e7c7f

varyvol added a commit to jenkinsci/lib-async-http-client that referenced this pull request Nov 20, 2018

@varyvol
[JENKINS-54601] Include security fixes from 1.9.40 in 1.7.24.X (#3) 
* Change version for jenkins
* [SECURITY-650] Introduce acceptAnyCertificate config, defaulting to false
* Use a hostname verifier that does hostname verification, backport AsyncHttpClient#510, close AsyncHttpClient#197
* Bump netty version
* Restore necessary compatibility
* [JENKINS-54601] Fix test failures.
* [JENKINS-54601] Correct POM info.
* Add script to make it easier to get a working JDK7 environment
* [JENKINS-54601] Include proper hostname verifier logic.
* [JENKINS-54601] Update README.
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
20b3885
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment