Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix errors when hostname verification is set as "DefaultAndLocalhost" #12042

Merged
merged 1 commit into from
Jun 23, 2023
Merged

Fix errors when hostname verification is set as "DefaultAndLocalhost" #12042

merged 1 commit into from
Jun 23, 2023

Conversation

YasasRangika
Copy link
Contributor

Purpose

To fix the errors thrown while starting the APIM server even if a SAN entry matches the server hostname when hostname verification is set as "DefaultAndLocalhost".

Goal

Fixes: wso2/api-manager#1876
and also fixes issues from: wso2/api-manager#1698

Approach

  • When DefaultAndLocalhost hostname verifier is enabled, all hostnames that match the below list should pass hostname verification regardless of what is on the server’s certificate.
    "::1", "127.0.0.1", "localhost", "localhost.localdomain"

  • Apart from that above should support default hostname verification as well. So DefaultAndLocalhost verification is Default hostname verification + a relaxation on localhost hostnames.

  • To fix the above issues we should improve the verify method to validate the hostname against the certs available in the keystore.

@YasasRangika YasasRangika merged commit 4a49991 into wso2:master Jun 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msm1992 msm1992 msm1992 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Certificate for XXX doesn't match any of the subject alternative names
2 participants
@YasasRangika @msm1992