[prev in list] [next in list] [prev in thread] [next in thread] 

List:       httpclient-users
Subject:    Re: Upgrading from Httpclient 3.1 to 4.5 - localhost:443 not responding
From:       Hassan Khan <hassankhan986 () gmail ! com>
Date:       2017-05-18 11:41:35
Message-ID: CAOpoXhHH9sgffoz6yNUtr8Kc7obM+td1NgtuGD_e8O6H7EGh-Q () mail ! gmail ! com
[Download RAW message or body]


You are right..  Thanks.. It was kinda of a wrong question to ask ...

On Thu, May 18, 2017 at 3:35 AM, Oleg Kalnichevski <olegk@apache.org> wrote:

> On Wed, 2017-05-17 at 12:55 -0400, Hassan Khan wrote:
> > Thank oleg for the tip..
> >
> > I did not change the connector till now.. but with APR itself I
> > starting
> > using the prod CA certificate that our company has... instead of the
> > self
> > signed certificate...
> >
> > With httpClient 3.1 all communication work fine.
> >
>
> As I have already explained earlier. HC 3.x does _not_ do any hostname
> validation. It just does not.
>
> > But when I upgraded prod to use the new code having httpclient
> > 4.5.... I
> > get this exception in SSL handshake...
> >     Certificate for XVT doesn't match any of the subject alternative
> > names:
> > ABC, GFD]
> >
> > So looks like I need to turn off the hostname verification in the
> > code or
> > update the Com[any certificate to have CN populated with the values.
> >
>
> No, you should rather make sure that the hostname and the cert
> presented by the server match.
>
>
> > I wanted to know what brought the need to have CN in every
> > Certificate
> > populated gong forward?
> >
>
> Eh, like, CN being mandatory for a cert, should be a good reason,
> should it not?
>
> Oleg
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>


-- 
Hassan Khan


[prev in list] [next in list] [prev in thread] [next in thread]