Package org.apache.http.conn.ssl

Class BrowserCompatHostnameVerifier

  • All Implemented Interfaces:
    javax.net.ssl.HostnameVerifier, X509HostnameVerifier
    @Immutable
public class BrowserCompatHostnameVerifier
extends AbstractVerifier
    The HostnameVerifier that works the same way as Curl and Firefox.

    The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts.

    The only difference between BROWSER_COMPATIBLE and STRICT is that a wildcard (such as "*.foo.com") with BROWSER_COMPATIBLE matches all subdomains, including "a.b.foo.com".

    Since:
    4.0

    • Constructor Detail

      • BrowserCompatHostnameVerifier

        public BrowserCompatHostnameVerifier()

    • Method Detail

      • verify

        public final void verify​(java.lang.String host,
                         java.lang.String[] cns,
                         java.lang.String[] subjectAlts)
                  throws javax.net.ssl.SSLException
        Description copied from interface: X509HostnameVerifier
        Checks to see if the supplied hostname matches any of the supplied CNs or "DNS" Subject-Alts. Most implementations only look at the first CN, and ignore any additional CNs. Most implementations do look at all of the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards according to RFC 2818.
        Parameters:
        host - The hostname to verify.
        cns - CN fields, in order, as extracted from the X.509 certificate.
        subjectAlts - Subject-Alt fields of type 2 ("DNS"), as extracted from the X.509 certificate.
        Throws:
        javax.net.ssl.SSLException - if the verification process fails.

      • toString

        public final java.lang.String toString()
        Overrides:
        toString in class java.lang.Object