Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ZOOKEEPER-3832 ZKHostnameVerifier rejects valid certificates with subjectAltNames (3.5) #1364

Closed
wants to merge 1 commit into from
Closed

ZOOKEEPER-3832 ZKHostnameVerifier rejects valid certificates with subjectAltNames (3.5) #1364

wants to merge 1 commit into from

Conversation

anmolnar
Copy link
Contributor

Backport to 3.5

This issue has been reported by a user who wanted to use a cert that contains SAN entries that are not of type DNS or IP.
I've come across the following ticket in http client project which seems to be related:
https://issues.apache.org/jira/browse/HTTPCLIENT-1906

This is the backport of the fix.

Original patch: apache/httpcomponents-client@56cc245

Target versions: 3.5, 3.6, 3.7

Author: Andor Molnar andor@apache.org

Reviewers: Enrico Olivelli eolivelli@apache.org, Mate Szalay-Beko symat@apache.org

Closes #1353 from anmolnar/ZOOKEEPER-3832

@anmolnar
ZOOKEEPER-3832: ZKHostnameVerifier rejects valid certificates with su…
2daa1c4 
…bjectAltNames

This issue has been reported by a user who wanted to use a cert that contains SAN entries that are not of type DNS or IP.
I've come across the following ticket in http client project which seems to be related:
https://issues.apache.org/jira/browse/HTTPCLIENT-1906

This is the backport of the fix.

Original patch: apache/httpcomponents-client@56cc245

Target versions: 3.5, 3.6, 3.7

Author: Andor Molnar <andor@apache.org>

Reviewers: Enrico Olivelli <eolivelli@apache.org>, Mate Szalay-Beko <symat@apache.org>

Closes apache#1353 from anmolnar/ZOOKEEPER-3832
@anmolnar anmolnar requested review from symat and eolivelli May 21, 2020 12:33
symat
symat approved these changes May 21, 2020
View reviewed changes
Copy link
Contributor

@symat symat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks similar to the original patch. The new unit tests were also executed by CI. +1

@eolivelli
Copy link
Contributor

eolivelli commented May 21, 2020
edited
Loading

Please merge. I can't do it now

@symat
Copy link
Contributor

symat commented May 21, 2020

I'll merge it now

asfgit pushed a commit that referenced this pull request May 21, 2020
@anmolnar @symat
ZOOKEEPER-3832: ZKHostnameVerifier rejects valid certificates with su…
72e23ed 
…bjectAltNames (3.5)

Backport to 3.5

This issue has been reported by a user who wanted to use a cert that contains SAN entries that are not of type DNS or IP.
I've come across the following ticket in http client project which seems to be related:
https://issues.apache.org/jira/browse/HTTPCLIENT-1906

This is the backport of the fix.

Original patch: apache/httpcomponents-client@56cc245

Target versions: 3.5, 3.6, 3.7

Author: Andor Molnar <andorapache.org>

Reviewers: Enrico Olivelli <eolivelliapache.org>, Mate Szalay-Beko <symatapache.org>

Closes #1364 from anmolnar/ZOOKEEPER-3832_35
@symat
Copy link
Contributor

symat commented May 21, 2020

merge done, I also updated the "fixed versions" on the Jira ticket.
Thanks Andor for the patch!

@symat symat closed this May 21, 2020
@anmolnar anmolnar deleted the ZOOKEEPER-3832_35 branch May 21, 2020 15:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@symat symat symat approved these changes

@eolivelli eolivelli Awaiting requested review from eolivelli

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@anmolnar @eolivelli @symat