Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2071

HTTPS client accepts certificates with wrong host

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • None
    • 2.2.14.Final
    • Core
    • None
    • Hide

      Create an Undertow client, and connect to https://wrong.host.badssl.com/ and retrieve its main page with default SSL settings. It should fail, but it succeeds.

      Show
      Create an Undertow client, and connect to https://wrong.host.badssl.com/ and retrieve its main page with default SSL settings. It should fail, but it succeeds.

      Using the Undertow HTTPS client to connect to a server with an SSL certificate that does not match the server's host, succeeds even though it shouldn't.

        1. screenshot.png
          357 kB
          Richard Opalka

            ropalka Richard Opalka
            somni451 new acct (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: