paho.mqtt.android

How to enable tls/ssl domain subject name validation?

Open jarpz opened this issue 7 years ago • 2 comments

@jpwsutton

Description of Bug:

Try to connect to a TLS/SSL domain where the subject domain in the certificate is from another domain. The result is that the connection succeeds. This behavior allows any MITM to be put between the client and the server.

  • Is there a way to activate this validation?
  • Is it a bug?

jarpz avatar Apr 06 '17 17:04 jarpz

Thanks, this is a good point. I don't think that by default Java does hostname verification. We should be able to do something like this: http://stackoverflow.com/questions/18139448/how-should-i-do-hostname-validation-when-using-jsse

jpwsutton avatar Apr 07 '17 10:04 jpwsutton

Is there any update on this? I just ran into it and wonder why the client connected to a broker which had a wrong TLS configuration.

Legion2 avatar Jan 29 '22 22:01 Legion2