[CXF-8668]:Set SniHostCheck to false for SSLNettyClientTest

core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParameters.java

@@ -33,6 +33,7 @@ public class TLSServerParameters extends TLSParameterBase {
     ClientAuthentication clientAuthentication;
     List<String> excludeProtocols = new ArrayList<>();
     List<String> includeProtocols = new ArrayList<>();
+    boolean sniHostCheck;
 
     /**
      * This parameter configures the server side to request and/or
@@ -83,4 +84,17 @@ public List<String> getIncludeProtocols() {
         return includeProtocols;
     }
 
+    /**
+     * Returns if the SNI host name must match
+     */
+    public boolean isSniHostCheck() {
+        return sniHostCheck;
+    }
+
+    /**
+     * @param sniHostCheck if the SNI host name must match
+     */
+    public void setSniHostCheck(boolean sniHostCheck) {
+        this.sniHostCheck = sniHostCheck;
+    }
 }

core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java

@@ -92,6 +92,9 @@ public TLSServerParametersConfig(TLSServerParametersType params)
         if (params.isSetCertAlias()) {
             this.setCertAlias(params.getCertAlias());
         }
+        if (params.isSetSniHostCheck()) {
+            this.setSniHostCheck(params.isSniHostCheck());
+        }
         if (iparams != null && iparams.isSetKeyManagersRef()) {
             this.setKeyManagers(iparams.getKeyManagersRef());
         }

core/src/main/resources/schemas/configuration/security.xsd

@@ -657,5 +657,12 @@
                 </xs:documentation>
              </xs:annotation>
            </xs:attribute>
+           <xs:attribute name="sniHostCheck" type="pt:ParameterizedBoolean" default="true">
+             <xs:annotation>
+                <xs:documentation>
+                    If the SNI host name must match.
+                </xs:documentation>
+             </xs:annotation>
+           </xs:attribute>
     </xs:complexType>
 </xs:schema>

rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java

@@ -68,6 +68,7 @@
 import org.eclipse.jetty.server.HttpConnectionFactory;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.Response;
+import org.eclipse.jetty.server.SecureRequestCustomizer;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
 import org.eclipse.jetty.server.SslConnectionFactory;
@@ -679,7 +680,7 @@ AbstractConnector createConnectorJetty(SslContextFactory sslcf, String hosto, in
             result = new org.eclipse.jetty.server.ServerConnector(server);
 
             if (tlsServerParameters != null) {
-                httpConfig.addCustomizer(new org.eclipse.jetty.server.SecureRequestCustomizer());
+                httpConfig.addCustomizer(new SecureRequestCustomizer(tlsServerParameters.isSniHostCheck()));
 
                 if (!isHttp2Enabled(bus)) {
                     final SslConnectionFactory scf = new SslConnectionFactory(sslcf, httpFactory.getProtocol());

rt/transports/http-netty/netty-client/src/test/resources/org/apache/cxf/transport/http/netty/client/integration/ServerConfig.xml

@@ -31,7 +31,7 @@
     <bean class="org.springframework.context.support.PropertySourcesPlaceholderConfigurer"/>
     <httpj:engine-factory>
         <httpj:engine port="${SSLNettyClientTest.port}">
-            <httpj:tlsServerParameters>
+            <httpj:tlsServerParameters sniHostCheck="false">
                 <sec:keyManagers keyPassword="skpass">
                     <sec:keyStore type="jks" password="sspass" resource="keys/servicestore.jks"/>
                 </sec:keyManagers>