Skip to content

/ async-http-client

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for #197 -- use a hostname verifier that does hostname verification #510

Merged
merged 3 commits into from Mar 30, 2014
Merged

Fix for #197 -- use a hostname verifier that does hostname verification #510

merged 3 commits into from Mar 30, 2014

Conversation

@wsargent
Copy link
Contributor

@wsargent wsargent commented Mar 25, 2014

Fix for #197

See http://kevinlocke.name/bits/2012/10/03/ssl-certificate-verification-in-dispatch-and-asynchttpclient/ and http://tersesystems.com/2014/03/23/fixing-hostname-verification/

New certificates created with:

keytool -genkeypair \
   -keystore keystore.jks \
  -dname "CN=OLEKSIYS-W3T, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US" \
  -keypass changeit \
  -storepass changeit \
  -keyalg RSA \
  -keysize 2048 \
  -alias s1as \
  -ext SAN=DNS:localhost,IP:127.0.0.1 \
  -validity 9999

keytool -delete -alias s1as -storepass changeit -keystore ssltest-cacerts.jks
keytool -delete -alias s1as -storepass changeit -keystore ssltest-keystore.jks

keytool -importkeystore \
  -srckeystore keystore.jks \
  -srcstoretype JKS \
  -srcstorepass changeit \
  -deststoretype JKS \
  -deststorepass changeit \
  -destkeystore ssltest-keystore.jks

keytool -importkeystore \
  -srckeystore keystore.jks \
  -srcstoretype JKS \
  -srcstorepass changeit \
  -deststoretype JKS \
  -deststorepass changeit \
  -destkeystore  ssltest-cacerts.jks

To view the new certificate:

keytool -list -v -alias s1as -storepass changeit -keystore  ssltest-cacerts.jks
wsargent added 3 commits Mar 25, 2014
@wsargent
Fix for #197 -- use a hostname verifier that calls out to HostnameChe…
db6716a 
…cker.
@wsargent
Use reflection to avoid the "not part of JDK" error running tests.
fa056c5
@wsargent
Add new working certs with subjectAltName and ipaddress of 127.0.0.1 …
bbdc1b3 
…to make tests pass
jfarcand added a commit that referenced this pull request Mar 30, 2014
@jfarcand
Merge pull request #510 from wsargent/fix-197
3c9152e 
Fix for #197 -- use a hostname verifier that does hostname verification
@jfarcand jfarcand merged commit 3c9152e into AsyncHttpClient:master Mar 30, 2014
@jfarcand
Copy link
Contributor

@jfarcand jfarcand commented Mar 30, 2014

Thanks!!!!
@slandelle slandelle added this to the 2.0.0.Alpha1 milestone Mar 30, 2014
slandelle pushed a commit that referenced this pull request Jul 10, 2014
Stephane Landelle
Use a hostname verifier that does hostname verification, backport #510,
a894583 
close #197
@slandelle slandelle modified the milestones: 1.9.0, 2.0.0.Alpha1 Jul 10, 2014
varyvol pushed a commit to varyvol/async-http-client that referenced this pull request Nov 13, 2018
Stephane Landelle Evaristo Gutiérrez
Use a hostname verifier that does hostname verification, backport Asy…
c8e7c7f 
…ncHttpClient#510, close AsyncHttpClient#197
varyvol pushed a commit to jenkinsci/lib-async-http-client that referenced this pull request Nov 20, 2018
Evaristo Gutiérrez
[JENKINS-54601] Include security fixes from 1.9.40 in 1.7.24.X (#3)
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
20b3885 
* Change version for jenkins
* [SECURITY-650] Introduce acceptAnyCertificate config, defaulting to false
* Use a hostname verifier that does hostname verification, backport AsyncHttpClient#510, close AsyncHttpClient#197
* Bump netty version
* Restore necessary compatibility
* [JENKINS-54601] Fix test failures.
* [JENKINS-54601] Correct POM info.
* Add script to make it easier to get a working JDK7 environment
* [JENKINS-54601] Include proper hostname verifier logic.
* [JENKINS-54601] Update README.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jfarcand jfarcand

Labels
Enhancement
Projects
None yet
Milestone
1.9.0
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
@wsargent @jfarcand @slandelle