leniency for https

[adriaanm]

This should hopefully fix

javax.net.ssl.SSLException: hostname in certificate didn't match: <jenkins.akka.io> != <*.typesafe.com> OR <*.typesafe.com> OR <typesafe.com>
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:228)
<snip>
        at dispatch.classic.Http.apply(Http.scala:21)
        at backend.PullRequestCommenter$$anonfun$receive$1.applyOrElse(PullRequestCommenter.scala:51)

seen in https://github.com/akka/akka/pull/1381

[bantonsson]

So what does this mean? That any CERT will do and we are open to MIM attacks? I don't know how sensitive we think this stuff is, but I was kind of hoping that there would be an option to trust things until you reach the final destination and then do validation.

[jsuereth]

Maybe we could just fix your cert?

[bantonsson]

There is nothing wring with our cert, and I've reconfigured our Jenkins to present itself with the port as part of the URL, so things work now.

The reason for this was simply that our Jenkins was set up to present itself as https://jenkins.akka.io/ which will be redirected to https://jenkins.akka.io:8498/, but the redirect happens after you have talked to a machine that presents itself with a typesafe.com cert.

Browsers, curl and others don't seem to mind, but this lib does. It doesn't have to be fixed.

[jsuereth]

Ah. They are using a synch http client. Perhaps the issue is in configuration?

In any case, LGTM for now Adriaan, but we should investigate the issue further.

[adriaanm]

Ok, I'll deploy a version without this fix and see what happens.

[adriaanm]

revert deployed