[CXF-8668]:Set SniHostCheck to false for SSLNettyClientTest
jimma committed Apr 7, 2022
1 parent b8a8d99 commit 76d1ca9e3ba12f44311a8b83f2ec4e1fb8cc486d
Showing 5 changed files with 27 additions and 2 deletions.
@@ -33,6 +33,7 @@ public class TLSServerParameters extends TLSParameterBase {
ClientAuthentication clientAuthentication;
List<String> excludeProtocols = new ArrayList<>();
List<String> includeProtocols = new ArrayList<>();
boolean sniHostCheck;

/**
* This parameter configures the server side to request and/or
@@ -83,4 +84,17 @@ public List<String> getIncludeProtocols() {
return includeProtocols;
}

/**
* Returns if the SNI host name must match
*/
public boolean isSniHostCheck() {
return sniHostCheck;
}

/**
* @param sniHostCheck if the SNI host name must match
*/
public void setSniHostCheck(boolean sniHostCheck) {
this.sniHostCheck = sniHostCheck;
}
}
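Review bot: The new field `boolean sniHostCheck;` defaults to false, while the schema attribute added in this commit declares `default="true"` and, as far as I know, Jetty's no-argument `SecureRequestCustomizer()` also enables the check. The TLSServerParametersConfig hunk calls `setSniHostCheck` only when `params.isSetSniHostCheck()` is true, so an omitted attribute probably leaves the field at false. In that case the Jetty engine hunk's `new SecureRequestCustomizer(tlsServerParameters.isSniHostCheck())` would turn the SNI host check off for every existing server configuration, not only for the test. Initialising the field as `boolean sniHostCheck = true;` keeps the previous behaviour and makes disabling the check an explicit opt-out. The class body starts outside the hunk.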
@@ -92,6 +92,9 @@ public TLSServerParametersConfig(TLSServerParametersType params)
if (params.isSetCertAlias()) {
this.setCertAlias(params.getCertAlias());
}
if (params.isSetSniHostCheck()) {
this.setSniHostCheck(params.isSniHostCheck());
}
if (iparams != null && iparams.isSetKeyManagersRef()) {
this.setKeyManagers(iparams.getKeyManagersRef());
}
@@ -657,5 +657,12 @@
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="sniHostCheck" type="pt:ParameterizedBoolean" default="true">
<xs:annotation>
<xs:documentation>
If the SNI host name must match.
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:schema>
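Review bot: The documentation text `If the SNI host name must match.` does not say what the name is matched against or what is lost when the check is turned off. I would spell it out, for example `Whether the host name of a request must match the certificate selected through SNI for the connection. Defaults to true; set to false only where a mismatch is expected, such as in tests.`, with the exact semantics confirmed against the Jetty version in use. The one-line Javadoc on `isSniHostCheck()` and `setSniHostCheck()` in TLSServerParameters has the same gap.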
@@ -68,6 +68,7 @@
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
@@ -679,7 +680,7 @@ AbstractConnector createConnectorJetty(SslContextFactory sslcf, String hosto, in
result = new org.eclipse.jetty.server.ServerConnector(server);

if (tlsServerParameters != null) {
httpConfig.addCustomizer(new org.eclipse.jetty.server.SecureRequestCustomizer());
httpConfig.addCustomizer(new SecureRequestCustomizer(tlsServerParameters.isSniHostCheck()));

if (!isHttp2Enabled(bus)) {
final SslConnectionFactory scf = new SslConnectionFactory(sslcf, httpFactory.getProtocol());
@@ -31,7 +31,7 @@
<bean class="org.springframework.context.support.PropertySourcesPlaceholderConfigurer"/>
<httpj:engine-factory>
<httpj:engine port="${SSLNettyClientTest.port}">
<httpj:tlsServerParameters>
<httpj:tlsServerParameters sniHostCheck="false">
<sec:keyManagers keyPassword="skpass">
<sec:keyStore type="jks" password="sspass" resource="keys/servicestore.jks"/>
</sec:keyManagers>
