Allow use of custom HostnameVerifier on clients. #1664
Conversation
|
Also, I wasn't sure how to approach writing a unit test in HttpClientBuilderTest.java. Some guidance there would be appreciated. |
|
|
||
| public DropwizardSSLConnectionSocketFactory(TlsConfiguration configuration) { | ||
| this.configuration = configuration; | ||
| this.verifier = null; |
There was a problem hiding this comment.
I think we could reduce this constructor to a call to another constructor:
this(configuration, null);
I think you could mark the method HostnameVerifier customVerifier = (s, sslSession) -> false;
Registry<ConnectionSocketFactory> configuredRegistry = builder
.using(customVerifier)
.createConfiguredRegistry();Then we could retrieve the SSL socket factory from the registry and extract the verifier from it via reflection. Something like that: SSLConnectionSocketFactory socketFactory =
(SSLConnectionSocketFactory) configuredRegistry.lookup("https");
final Field hostnameVerifierField =
FieldUtils.getField(SSLConnectionSocketFactory.class, "hostnameVerifier", true); |
While the improvements to TLS configuration of HTTP clients in 1.0.0 (maybe prior) are awesome, as part of that process the ability to set a custom HostnameVerifier easily on the HTTP client has been lost. You used to be able to do e.g. as: JerseyClientConfiguration myJerseyClientConfiguration = <some configuration>; HostnameVerifier verifier = new MyCustomHostnameVerifier(); JerseyClientBuilder clientBuilder = new JerseyClientBuilder(env); clientBuilder.using(myJerseyClientConfiguration).using(verifier); Client httpClient = clientBuilder.build(); Same is true for HttpClientBuilder too. You can still do it by creating a custom Apache Registry<ConnectionSocketFactory> but you need to set up socket factories for every scheme. This change restores the ability to set a custom HostnameVerifier for clients. [Fixes #1663]
|
Thanks for the feedback @arteam I've made your suggested changes and implemented additional unit test coverage following your suggested pattern. I ummed and ahhed over the DropwizardSSLConnectionSocketFactory constructor unit test using reflection to check private field value but I liked using a getter for the verifier field on this class even less since it would imply getter for tlsConfiguration field for consistency which exposes that to internal modification which implies need for immutable TlsConfiguration .... Also, the getter would've needed to be public rather than package protected since unit test is in a different package. I have also squashed my commits. |
|
Thank you very much for your contribution! |
|
No problem at all. This software works so well for us. Thank you for the far greater contribution you make. |
While the improvements to TLS configuration of HTTP clients in 1.0.0
(maybe prior) are awesome, as part of that process the ability to set a
custom HostnameVerifier easily on the HTTP client has been lost.
You used to be able to do e.g. as:
JerseyClientConfiguration myJerseyClientConfiguration = ;
HostnameVerifier verifier = new MyCustomHostnameVerifier();
JerseyClientBuilder clientBuilder = new JerseyClientBuilder(env);
clientBuilder.using(myJerseyClientConfiguration).using(verifier);
Client httpClient = clientBuilder.build();
Same is true for HttpClientBuilder too.
You can still do it by creating a custom Apache
Registry but you need to set up socket
factories for every scheme.
This change restores the ability to set a custom HostnameVerifier
for clients.
[Fixes #1663]