Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a way to disable TLS verification for certain hosts only #2722

Closed
trustin opened this issue May 18, 2020 · 1 comment · Fixed by #3057
Closed

Add a way to disable TLS verification for certain hosts only #2722

trustin opened this issue May 18, 2020 · 1 comment · Fixed by #3057
Labels
new feature

Comments

@trustin
Copy link
Member

trustin commented May 18, 2020

From OkHttp 4.7.0:

HandshakeCertificates.Builder.addInsecureHost() makes it easy to turn off security in private development environments that only carry test data. Prefer this over creating an all-trusting TrustManager because only hosts on the allowlist are insecure. From our DevServer sample:

val clientCertificates = HandshakeCertificates.Builder()
    .addPlatformTrustedCertificates()
    .addInsecureHost("localhost")
    .build()

val client = OkHttpClient.Builder()
    .sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager)
    .build()
@tumile tumile mentioned this issue Sep 11, 2020
Merged
@tumile
Copy link
Contributor

tumile commented Sep 11, 2020

Hi, I just opened a PR to address this issue. Please check it out. Thanks!

minwoox pushed a commit that referenced this issue Sep 22, 2020
@tumile
Add tlsNoVerifyHosts to disable TLS verification for certain hosts (#…
3da7376 
…3057)

Motivation:
Provide a way to turn off TLS verification for specific hosts (like `tlsNoVerify` but on specific hosts only) in private development environments. See [comment](#2722 (comment)).

Modification:
- Add `ClientFactoryBuilder#tlsNoVerifyHosts(String... insecureHosts)`.
- Add `IgnoreHostsTrustManager` implementation. Refer to [this](https://github.com/square/okhttp/blob/482f88300f78c3419b04379fc26c3683c10d6a9d/okhttp-tls/src/main/kotlin/okhttp3/tls/internal/InsecureExtendedTrustManager.kt) commit from okhttp.

Result:
Close #2722
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
new feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add tlsNoVerifyHosts to disable TLS verification for certain hosts tumile/armeria
2 participants
@trustin @tumile