javax.net.ssl.SSLPeerUnverifiedException when talking to private GitLab instance via HTTPS

[slonopotamus]

Bug isn't present in 1.23.1 that uses httpclient-4.5.10. Bug is present in 1.24.0 that uses httpclient-4.5.11.

javax.net.ssl.SSLPeerUnverifiedException: Certificate for <at-git.mail.msk> doesn't match any of the subject alternative names: [at-git.mail.msk, at-git, at-registry.mail.msk, at-registry]        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507) ~[httpclient-4.5.11.jar:4.5.11]        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437) ~[httpclient-4.5.11.jar:4.5.11]        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) ~[httpclient-4.5.11.jar:4.5.11]        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) ~[httpclient-4.5.11.jar:4.5.11]        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) ~[httpclient-4.5.11.jar:4.5.11]        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.11.jar:4.5.11]        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.11.jar:4.5.11]
        at ru.bozaro.gitlfs.client.internal.HttpClientExecutor.executeMethod(HttpClientExecutor.java:27) ~[gitlfs-client-0.16.0.jar:?]
        at ru.bozaro.gitlfs.client.Client.doRequest(Client.java:117) ~[gitlfs-client-0.16.0.jar:?]
        at ru.bozaro.gitlfs.client.Client.lambda$listLocks$10(Client.java:429) ~[gitlfs-client-0.16.0.jar:?]
        at ru.bozaro.gitlfs.client.Client.doWork(Client.java:93) ~[gitlfs-client-0.16.0.jar:?]
        at ru.bozaro.gitlfs.client.Client.listLocks(Client.java:429) ~[gitlfs-client-0.16.0.jar:?]
        at svnserver.ext.gitlfs.storage.network.LfsHttpStorage.getLocks(LfsHttpStorage.java:122) ~[git-as-svn.jar:?]
        at svnserver.ext.gitlfs.storage.network.LfsHttpStorage.getLocks(LfsHttpStorage.java:205) ~[git-as-svn.jar:?]
        at svnserver.server.command.GetLockCmd.lambda$processCommand$0(GetLockCmd.java:44) ~[git-as-svn.jar:?]
        at svnserver.repository.git.GitRepository.wrapLock(GitRepository.java:130) ~[git-as-svn.jar:?]
        at svnserver.repository.git.GitRepository.wrapLockRead(GitRepository.java:279) ~[git-as-svn.jar:?]
        at svnserver.server.command.GetLockCmd.processCommand(GetLockCmd.java:43) ~[git-as-svn.jar:?]
        at svnserver.server.command.GetLockCmd.processCommand(GetLockCmd.java:30) ~[git-as-svn.jar:?]
        at svnserver.server.command.BaseCmd.lambda$process$0(BaseCmd.java:50) ~[git-as-svn.jar:?]
        at svnserver.server.step.CheckPermissionStep.process(CheckPermissionStep.java:67) ~[git-as-svn.jar:?]
        at svnserver.server.SvnServer.serveClient(SvnServer.java:246) ~[git-as-svn.jar:?]
        at svnserver.server.SvnServer.lambda$run$1(SvnServer.java:208) ~[git-as-svn.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_212]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_212]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_212]

Release notes for httpclient-4.5.11:

Release 4.5.11
-------------------

This is a maintenance release that fixes a number defects discovered since 4.5.10
and upgrades HttpCore dependency to version 4.4.13.


Changelog:
-------------------

* Improved domain name normalization by DefaultHostnameVerifier.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2033: Connection managers to immediately shut down all leased connection upon shutdown.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2020: DefaultBackoffStrategy to support TOO_MANY_REQUESTS (429).
  Contributed by Michael Osipov <michaelo at apache.org>

* HTTPCLIENT-2030: Fixed PublicSuffixMatcher#getDomainRoot behavior with invalid hostnames.
  Contributed by Niels Basjes <niels at basjes.nl>

* HTTPCLIENT-2029: URIBuilder to support parsing of non-UTF8 URIs.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* HTTPCLIENT-2026: Fixed URIBuilder#isOpaque() logic.
  Contributed by Oleg Kalnichevski <olegk at apache.org>

* Updated text in pool stats description
  Contributed by chao chang <chang-chao at users.noreply.github.com>

* HTTPCLIENT-2023: Allow nested arrays and all primitive types in DefaultHttpCacheEntrySerializer.
  Contributed by Olof Larsson <olof at sylt.nu>

* Fixed fallback PublicSuffixMatcher instance.
  Contributed by Ryan Schmitt <rschmitt at apache.org>

* Added family property #145.
  Contributed by behrangsa

[slonopotamus]

As a temporary workaround, httpclient version is locked to 4.5.10.

[slonopotamus]

Reported upstream: https://issues.apache.org/jira/browse/HTTPCLIENT-2060

It was already reported as https://issues.apache.org/jira/browse/HTTPCLIENT-2047 and fixed in httpclient-4.5.12.