Updated PR

Signed-off-by: Daniel Lindberg <daniel.lindberg@omegapoint.se>

src/main/asciidoc/dataobjects.adoc

@@ -935,6 +935,11 @@ Add an enabled cipher suite
 +++
 Add an enabled SSL/TLS protocols
 +++
+|[[hostnameVerificationAlgorithm]]`hostnameVerificationAlgorithm`|`String`|
++++
+Set the hostname verification algorithm interval
+ To disable hostname verification, set hostnameVerificationAlgorithm to an empty String
++++
 |[[idleTimeout]]`idleTimeout`|`Number (int)`|
 +++
 Set the idle timeout, in seconds. zero means don't timeout.
@@ -1020,10 +1025,6 @@ Set the ALPN usage.
 +++
 Set whether Netty pooled buffers are enabled
 +++
-|[[verifyHost]]`verifyHost`|`Boolean`|
-+++
-Set whether hostname verification is enabled
-+++
 |===
 
 [[NetServerOptions]]

src/main/asciidoc/java/net.adoc

@@ -192,7 +192,7 @@ See the chapter on <<streams, streams and pumps>> for more information.
 
 === Upgrading connections to SSL/TLS
 
-A non SSL/TLS connection can be upgraded to SSL/TLS using `link:../../apidocs/io/vertx/core/net/NetSocket.html#upgradeToSsl-java.lang.String-int-io.vertx.core.Handler-[upgradeToSsl]`.
+A non SSL/TLS connection can be upgraded to SSL/TLS using `link:../../apidocs/io/vertx/core/net/NetSocket.html#upgradeToSsl-io.vertx.core.Handler-[upgradeToSsl]`.
 
 The server or client must be configured for SSL/TLS for this to work correctly. Please see the <<ssl, chapter on SSL/TLS>>
 for more information.
@@ -570,13 +570,15 @@ NetClient client = vertx.createNetClient(options);
 If `link:../../apidocs/io/vertx/core/net/ClientOptionsBase.html#setTrustAll-boolean-[trustAll]` is not set then a client trust store must be
 configured and should contain the certificates of the servers that the client trusts.
 
-To enable host verification, simply set verifyHost to true on your client:
+By default, host verification is disabled on the client.
+To enable host verification, set the algorithm to use on your client (only HTTPS and LDAPS is currently supported):
+
 
 [source,java]
 ----
 NetClientOptions options = new NetClientOptions().
         setSsl(true).
-        setVerifyHost(true);
+        setHostnameVerificationAlgorithm("HTTPS");
 NetClient client = vertx.createNetClient(options);
 ----
 

src/main/generated/io/vertx/core/net/NetClientOptionsConverter.java

@@ -27,20 +27,22 @@
 public class NetClientOptionsConverter {
 
   public static void fromJson(JsonObject json, NetClientOptions obj) {
+    if (json.getValue("hostnameVerificationAlgorithm") instanceof String) {
+      obj.setHostnameVerificationAlgorithm((String)json.getValue("hostnameVerificationAlgorithm"));
+    }
     if (json.getValue("reconnectAttempts") instanceof Number) {
       obj.setReconnectAttempts(((Number)json.getValue("reconnectAttempts")).intValue());
     }
     if (json.getValue("reconnectInterval") instanceof Number) {
       obj.setReconnectInterval(((Number)json.getValue("reconnectInterval")).longValue());
     }
-    if (json.getValue("verifyHost") instanceof Boolean) {
-      obj.setVerifyHost((Boolean)json.getValue("verifyHost"));
-    }
   }
 
   public static void toJson(NetClientOptions obj, JsonObject json) {
+    if (obj.getHostnameVerificationAlgorithm() != null) {
+      json.put("hostnameVerificationAlgorithm", obj.getHostnameVerificationAlgorithm());
+    }
     json.put("reconnectAttempts", obj.getReconnectAttempts());
     json.put("reconnectInterval", obj.getReconnectInterval());
-    json.put("verifyHost", obj.isVerifyHost());
   }
 }

src/main/java/examples/NetExamples.java

@@ -505,7 +505,7 @@ public void example45(Vertx vertx, JksOptions keyStoreOptions) {
   public void example46(Vertx vertx, JksOptions keyStoreOptions) {
     NetClientOptions options = new NetClientOptions().
             setSsl(true).
-            setVerifyHost(true);
+            setHostnameVerificationAlgorithm("HTTPS");
     NetClient client = vertx.createNetClient(options);
   }
 }

src/main/java/io/vertx/core/http/impl/VertxHttp2NetSocket.java

@@ -269,7 +269,7 @@ public NetSocket closeHandler(@Nullable Handler<Void> handler) {
   }
 
   @Override
-  public NetSocket upgradeToSsl(String host, int port, Handler<Void> handler) {
+  public NetSocket upgradeToSsl(Handler<Void> handler) {
     throw new UnsupportedOperationException("Cannot upgrade HTTP/2 stream to SSL");
   }
 

src/main/java/io/vertx/core/net/NetClientOptions.java

@@ -18,8 +18,11 @@
 
 import io.vertx.codegen.annotations.DataObject;
 import io.vertx.core.buffer.Buffer;
+import io.vertx.core.cli.Option;
 import io.vertx.core.json.JsonObject;
 
+import java.util.Optional;
+
 /**
  * Options for configuring a {@link io.vertx.core.net.NetClient}.
  *
@@ -39,14 +42,14 @@ public class NetClientOptions extends ClientOptionsBase {
   public static final long DEFAULT_RECONNECT_INTERVAL = 1000;
 
   /**
-   * Default value of whether hostname verification (for SSL/TLS) is enabled = true
+   * Default value to determine hostname verification algorithm hostname verification (for SSL/TLS) = ""
    */
-  public static final boolean DEFAULT_VERIFY_HOST = true;
+  public static final String DEFAULT_HOSTNAME_VERIFICATION_ALGORITHM = "";
 
 
   private int reconnectAttempts;
   private long reconnectInterval;
-  private boolean verifyHost = true;
+  private String hostnameVerificationAlgorithm;
 
 
     /**
@@ -66,7 +69,7 @@ public NetClientOptions(NetClientOptions other) {
     super(other);
     this.reconnectAttempts = other.getReconnectAttempts();
     this.reconnectInterval = other.getReconnectInterval();
-    this.verifyHost = other.isVerifyHost();
+    this.hostnameVerificationAlgorithm = other.getHostnameVerificationAlgorithm();
   }
 
   /**
@@ -83,7 +86,7 @@ public NetClientOptions(JsonObject json) {
   private void init() {
     this.reconnectAttempts = DEFAULT_RECONNECT_ATTEMPTS;
     this.reconnectInterval = DEFAULT_RECONNECT_INTERVAL;
-    this.verifyHost = DEFAULT_VERIFY_HOST;
+    this.hostnameVerificationAlgorithm = DEFAULT_HOSTNAME_VERIFICATION_ALGORITHM;
   }
 
   @Override
@@ -248,32 +251,32 @@ public NetClientOptions setReconnectInterval(long interval) {
   }
 
   /**
-   * @return  the value of reconnect interval
+   * @return  the value of the hostname verification algorithm
    */
-  public long getReconnectInterval() {
-    return reconnectInterval;
+
+  public String getHostnameVerificationAlgorithm() {
+    return hostnameVerificationAlgorithm;
   }
 
-    /**
-     * Is hostname verification (for SSL/TLS) enabled?
-     *
-     * @return  true if enabled
-     */
-    public boolean isVerifyHost() {
-        return verifyHost;
-    }
+  /**
+   * Set the hostname verification algorithm interval
+   * To disable hostname verification, set hostnameVerificationAlgorithm to an empty String
+   *
+   * @param hostnameVerificationAlgorithm should be HTTPS, LDAPS or an empty String
+   * @return a reference to this, so the API can be used fluently
+   */
 
-    /**
-     * Set whether hostname verification is enabled
-     *
-     * @param verifyHost  true if enabled
-     * @return a reference to this, so the API can be used fluently
-     */
-    public NetClientOptions setVerifyHost(boolean verifyHost) {
-        this.verifyHost = verifyHost;
-        return this;
-    }
+  public NetClientOptions setHostnameVerificationAlgorithm(String hostnameVerificationAlgorithm) {
+    this.hostnameVerificationAlgorithm = hostnameVerificationAlgorithm;
+    return this;
+  }
 
+  /**
+   * @return  the value of reconnect interval
+   */
+  public long getReconnectInterval() {
+    return reconnectInterval;
+  }
 
     @Override
   public boolean equals(Object o) {
@@ -285,7 +288,7 @@ public boolean equals(Object o) {
 
     if (reconnectAttempts != that.reconnectAttempts) return false;
     if (reconnectInterval != that.reconnectInterval) return false;
-    if (verifyHost != that.verifyHost) return false;
+    if (hostnameVerificationAlgorithm != that.hostnameVerificationAlgorithm) return false;
 
     return true;
   }
@@ -295,7 +298,8 @@ public int hashCode() {
     int result = super.hashCode();
     result = 31 * result + reconnectAttempts;
     result = 31 * result + (int) (reconnectInterval ^ (reconnectInterval >>> 32));
-    result = 31 * result + (verifyHost ? 1 : 0);
+    result = 31 * result + hostnameVerificationAlgorithm.hashCode();
     return result;
   }
+
 }

src/main/java/io/vertx/core/net/NetSocket.java

@@ -217,7 +217,7 @@ default NetSocket sendFile(String filename, long offset, Handler<AsyncResult<Voi
    * @return a reference to this, so the API can be used fluently
    */
   @Fluent
-  NetSocket upgradeToSsl(String host, int port, Handler<Void> handler);
+  NetSocket upgradeToSsl(Handler<Void> handler);
 
   /**
    * @return true if this {@link io.vertx.core.net.NetSocket} is encrypted via SSL/TLS.

src/main/java/io/vertx/core/net/impl/NetSocketImpl.java

@@ -245,10 +245,11 @@ public synchronized void close() {
   }
 
   @Override
-  public synchronized NetSocket upgradeToSsl(String host, int port, final Handler<Void> handler) {
+  public synchronized NetSocket upgradeToSsl(final Handler<Void> handler) {
     SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
     if (sslHandler == null) {
-      sslHandler = helper.createSslHandler(vertx, host, port);
+
+      sslHandler = helper.createSslHandler(vertx, this.remoteAddress().host(), this.remoteAddress().port());
       channel.pipeline().addFirst("ssl", sslHandler);
     }
     sslHandler.handshakeFuture().addListener(future -> context.executeFromIO(() -> {

src/main/java/io/vertx/core/net/impl/SSLHelper.java

@@ -50,15 +50,7 @@
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.EnumMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
@@ -114,6 +106,8 @@ public class SSLHelper {
   private List<HttpVersion> applicationProtocols;
   private Set<String> enabledProtocols;
 
+  private String endpointIdentificationAlgorithm = "";
+
   private SslContext sslContext;
 
   public SSLHelper(HttpClientOptions options, KeyStoreHelper keyStoreHelper, KeyStoreHelper trustStoreHelper) {
@@ -124,11 +118,13 @@ public SSLHelper(HttpClientOptions options, KeyStoreHelper keyStoreHelper, KeySt
     this.crlPaths = new ArrayList<>(options.getCrlPaths());
     this.crlValues = new ArrayList<>(options.getCrlValues());
     this.enabledCipherSuites = options.getEnabledCipherSuites();
-    this.verifyHost = options.isVerifyHost();
     this.sslEngine = options.getSslEngine();
     this.client = true;
     this.useAlpn = options.isUseAlpn();
     this.enabledProtocols = options.getEnabledSecureTransportProtocols();
+    if (options.isVerifyHost()) {
+      this.endpointIdentificationAlgorithm = "HTTPS";
+    }
   }
 
   public SSLHelper(HttpServerOptions options, KeyStoreHelper keyStoreHelper, KeyStoreHelper trustStoreHelper) {
@@ -153,11 +149,11 @@ public SSLHelper(NetClientOptions options, KeyStoreHelper keyStoreHelper, KeySto
     this.crlPaths = new ArrayList<>(options.getCrlPaths());
     this.crlValues = new ArrayList<>(options.getCrlValues());
     this.enabledCipherSuites = options.getEnabledCipherSuites();
-    this.verifyHost = options.isVerifyHost();
     this.sslEngine = options.getSslEngine();
     this.client = true;
     this.useAlpn = false;
     this.enabledProtocols = options.getEnabledSecureTransportProtocols();
+    this.endpointIdentificationAlgorithm = options.getHostnameVerificationAlgorithm();
   }
 
   public SSLHelper(NetServerOptions options, KeyStoreHelper keyStoreHelper, KeyStoreHelper trustStoreHelper) {
@@ -411,9 +407,9 @@ private SslHandler createHandler(SSLEngine engine, boolean client) {
           break;
         }
       }
-    } else if (verifyHost) {
+    } else if (!endpointIdentificationAlgorithm.isEmpty()) {
       SSLParameters sslParameters = engine.getSSLParameters();
-      sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+      sslParameters.setEndpointIdentificationAlgorithm(endpointIdentificationAlgorithm);
       engine.setSSLParameters(sslParameters);
     }
     return new SslHandler(engine);

src/main/java/io/vertx/core/net/package-info.java

@@ -175,7 +175,7 @@
  *
  * === Upgrading connections to SSL/TLS
  *
- * A non SSL/TLS connection can be upgraded to SSL/TLS using {@link io.vertx.core.net.NetSocket#upgradeToSsl(java.lang.String, int, io.vertx.core.Handler)}.
+ * A non SSL/TLS connection can be upgraded to SSL/TLS using {@link io.vertx.core.net.NetSocket#upgradeToSsl(io.vertx.core.Handler)}.
  *
  * The server or client must be configured for SSL/TLS for this to work correctly. Please see the <<ssl, chapter on SSL/TLS>>
  * for more information.
@@ -434,7 +434,9 @@
  * If {@link io.vertx.core.net.ClientOptionsBase#setTrustAll trustAll} is not set then a client trust store must be
  * configured and should contain the certificates of the servers that the client trusts.
  *
- * To enable host verification, simply set verifyHost to true on your client:
+ * By default, host verification is disabled on the client.
+ * To enable host verification, set the algorithm to use on your client (only HTTPS and LDAPS is currently supported):
+ *
  *
  * [source,$lang]
  * ----