Skip to content

Fix for #197 -- use a hostname verifier that does hostname verification #510

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 30, 2014
Merged

Fix for #197 -- use a hostname verifier that does hostname verification #510

merged 3 commits into from
Mar 30, 2014

Conversation

wsargent
Copy link
Contributor

Fix for #197

See http://kevinlocke.name/bits/2012/10/03/ssl-certificate-verification-in-dispatch-and-asynchttpclient/ and http://tersesystems.com/2014/03/23/fixing-hostname-verification/

New certificates created with:

keytool -genkeypair \
   -keystore keystore.jks \
  -dname "CN=OLEKSIYS-W3T, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US" \
  -keypass changeit \
  -storepass changeit \
  -keyalg RSA \
  -keysize 2048 \
  -alias s1as \
  -ext SAN=DNS:localhost,IP:127.0.0.1 \
  -validity 9999

keytool -delete -alias s1as -storepass changeit -keystore ssltest-cacerts.jks
keytool -delete -alias s1as -storepass changeit -keystore ssltest-keystore.jks

keytool -importkeystore \
  -srckeystore keystore.jks \
  -srcstoretype JKS \
  -srcstorepass changeit \
  -deststoretype JKS \
  -deststorepass changeit \
  -destkeystore ssltest-keystore.jks

keytool -importkeystore \
  -srckeystore keystore.jks \
  -srcstoretype JKS \
  -srcstorepass changeit \
  -deststoretype JKS \
  -deststorepass changeit \
  -destkeystore  ssltest-cacerts.jks

To view the new certificate:

keytool -list -v -alias s1as -storepass changeit -keystore  ssltest-cacerts.jks

jfarcand added a commit that referenced this pull request Mar 30, 2014
@jfarcand
Merge pull request #510 from wsargent/fix-197
3c9152e 
Fix for #197 -- use a hostname verifier that does hostname verification
@jfarcand jfarcand merged commit 3c9152e into AsyncHttpClient:master Mar 30, 2014
@jfarcand
Copy link
Contributor

Thanks!!!!

@slandelle slandelle added this to the 2.0.0.Alpha1 milestone Mar 30, 2014
slandelle pushed a commit that referenced this pull request Jul 10, 2014
Use a hostname verifier that does hostname verification, backport #510,
a894583 
close #197
@slandelle slandelle modified the milestones: 1.9.0, 2.0.0.Alpha1 Jul 10, 2014
varyvol pushed a commit to varyvol/async-http-client that referenced this pull request Nov 13, 2018
Use a hostname verifier that does hostname verification, backport Asy…
c8e7c7f 
…ncHttpClient#510, close AsyncHttpClient#197
varyvol pushed a commit to jenkinsci/lib-async-http-client that referenced this pull request Nov 20, 2018
[JENKINS-54601] Include security fixes from 1.9.40 in 1.7.24.X (#3)
20b3885 
* Change version for jenkins
* [SECURITY-650] Introduce acceptAnyCertificate config, defaulting to false
* Use a hostname verifier that does hostname verification, backport AsyncHttpClient#510, close AsyncHttpClient#197
* Bump netty version
* Restore necessary compatibility
* [JENKINS-54601] Fix test failures.
* [JENKINS-54601] Correct POM info.
* Add script to make it easier to get a working JDK7 environment
* [JENKINS-54601] Include proper hostname verifier logic.
* [JENKINS-54601] Update README.
cs-workco pushed a commit to cs-workco/async-http-client that referenced this pull request Apr 13, 2023
@karwa
Redo HTTP cookie parsing (AsyncHttpClient#510)
972bcdd 
* Redo HTTP cookie parsing using strptime

* Make String(utf8Slice:from:) less ugly

* Adjust cookie component parsing to better match RFC-6562
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jfarcand jfarcand

Labels
Enhancement
Projects
None yet
Milestone
1.9.0
Development

Successfully merging this pull request may close these issues.
3 participants
@wsargent @jfarcand @slandelle