Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2071

HTTPS client accepts certificates with wrong host

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • None
    • 2.2.14.Final
    • Core
    • None
    • Hide

      Create an Undertow client, and connect to https://wrong.host.badssl.com/ and retrieve its main page with default SSL settings. It should fail, but it succeeds.

      Show
      Create an Undertow client, and connect to https://wrong.host.badssl.com/ and retrieve its main page with default SSL settings. It should fail, but it succeeds.

      Using the Undertow HTTPS client to connect to a server with an SSL certificate that does not match the server's host, succeeds even though it shouldn't.

        1. screenshot.png
          screenshot.png
          357 kB

            ropalka Richard Opalka
            somni451 new acct (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: