apache httpclient 4.4: HostnameVerifier transition from 4.3.x

忘掉有多难 2021-02-07 07:27

HttpClient 4.3 had three static variables in org.apache.http.conn.ssl.SSLConnectionSocketFactory:

  1. STRICT_HOSTNAME_VERIFIER
  2. BROWSER_COMPATIBLE
4 Answers
  • 2021-02-07 07:51

    Actually, the javadoc of AllowAllHostnameVerifier gives a direct replacement for ALLOW_ALL_HOSTNAME_VERIFIER, which is NoopHostnameVerifier.

  • 2021-02-07 08:01

    BrowserCompatHostnameVerifier was essentially an IE 5/6 compatible implementation. I am not sure if it is actually compatible with more modern browser applications. BrowserCompatHostnameVerifier should never have existed in the first place and should not be used anymore.

  • 2021-02-07 08:05

    I read all this and nothing worked for me, here's what saved my day: https://stackoverflow.com/a/36507502/3090309

    I was using:

    compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.2'
    
  • 2021-02-07 08:12

    You don't need a new implementation class for AllowAllHostnameVerifier and don't need another implementation for BrowserCompatHostnameVerifier; simply pass an instance of the new DefaultHostnameVerifier:

    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext, new DefaultHostnameVerifier());
    

    This class has the necessary verification methods for both, with the following method signatures:

    public final boolean verify(String host, SSLSession session) (Override)
    

    and

    public final void verify(String host, X509Certificate cert) throws SSLException
    

    In the second method, httpcomponents checks for matching subdomains:

    public final void verify(String host, X509Certificate cert) throws SSLException {
        boolean ipv4 = InetAddressUtils.isIPv4Address(host);
        boolean ipv6 = InetAddressUtils.isIPv6Address(host);
        // subjectAltName GeneralName types: 7 = iPAddress, 2 = dNSName
        int subjectType = ((ipv4) || (ipv6)) ? 7 : 2;
        List subjectAlts = extractSubjectAlts(cert, subjectType);
        if ((subjectAlts != null) && (!(subjectAlts.isEmpty()))) {
            if (ipv4)
                matchIPAddress(host, subjectAlts);
            else if (ipv6)
                matchIPv6Address(host, subjectAlts);
            else {
                matchDNSName(host, subjectAlts, this.publicSuffixMatcher);
            }
        } else {
            // No subjectAltName entry of the required type: fall back to the subject CN
            X500Principal subjectPrincipal = cert.getSubjectX500Principal();
            String cn = extractCN(subjectPrincipal.getName("RFC2253"));
            if (cn == null) {
                throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + "a common name and does not have alternative names");
            }
    
            matchCN(host, cn, this.publicSuffixMatcher);
        }
    }
    

    take a look at the source code for more clarification

    org.apache.http.conn.ssl.DefaultHostnameVerifier

    Hope this helps.

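The order of checks in the `verify(String host, X509Certificate cert)` method quoted in the last answer (subjectAltName entries first, subject CN only when no entry of the required type exists), as an added stand-alone Java example that is not HttpClient's code and not part of the original answers. The names `San`, `matches` and `matchDns` are hypothetical, the wildcard rule is a simplification, the public-suffix check is omitted, and the `record` needs Java 16 or later.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

// Added illustration: simplified model of the SAN-first / CN-fallback order, not HttpClient source.
public class HostnameMatchDemo {
    static final int DNS_NAME = 2, IP_ADDRESS = 7; // GeneralName tags from RFC 5280

    // Constructed stand-in for one subjectAltName entry (hypothetical type).
    record San(int type, String value) {}

    static boolean matches(String host, List<San> sans, String cn) {
        // Crude IP test for the demo; HttpClient uses InetAddressUtils.
        boolean isIp = host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.contains(":");
        int wanted = isIp ? IP_ADDRESS : DNS_NAME;
        List<String> candidates = new ArrayList<>();
        for (San san : sans) {
            if (san.type() == wanted) candidates.add(san.value());
        }
        if (!candidates.isEmpty()) {
            // SAN entries of the right type exist: the CN is never consulted.
            for (String c : candidates) {
                if (isIp ? host.equals(c) : matchDns(host, c)) return true;
            }
            return false;
        }
        return cn != null && matchDns(host, cn); // fallback when no usable SAN
    }

    // Assumption: "*" is honoured only as the whole leftmost label and covers one label.
    static boolean matchDns(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT), p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return h.equals(p);
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(p.substring(1));
    }

    public static void main(String[] args) {
        // Constructed sample data; no real certificate is parsed.
        List<San> www = List.of(new San(DNS_NAME, "www.example.com"));
        List<San> wild = List.of(new San(DNS_NAME, "*.example.com"));
        System.out.println(matches("www.example.com", www, "other.example.com"));           // SAN entry present for host
        System.out.println(matches("legacy.example.com", www, "legacy.example.com"));       // host only in CN, SAN present
        System.out.println(matches("legacy.example.com", List.of(), "legacy.example.com")); // no SAN, CN fallback
        System.out.println(matches("a.b.example.com", wild, null));                         // wildcard vs two labels
        System.out.println(matches("10.0.0.5", www, null));                                 // IP host, no IP SAN, no CN
    }
}
```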