-
Notifications
You must be signed in to change notification settings - Fork 899
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add tlsNoVerifyHosts to disable TLS verification for certain hosts #3057
Conversation
Codecov Report
@@ Coverage Diff @@
## master #3057 +/- ##
============================================
+ Coverage 73.40% 73.42% +0.01%
- Complexity 12306 12325 +19
============================================
Files 1066 1067 +1
Lines 47623 47659 +36
Branches 6009 6013 +4
============================================
+ Hits 34959 34994 +35
+ Misses 9611 9610 -1
- Partials 3053 3055 +2
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mostly LGTM!
core/src/test/java/com/linecorp/armeria/client/IgnoreHostsTrustManagerTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/client/IgnoreHostsTrustManagerTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/client/HttpClientSniTest.java
Outdated
Show resolved
Hide resolved
Thanks @ikhoon! I've updated to address your reviews. |
@Override | ||
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) | ||
throws CertificateException { | ||
throw new UnsupportedOperationException(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't we also implement this method?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It does not give access to the hostname so I wasn't sure if it should be implemented.
It's just me if you think otherwise I'll add it 😃
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's probably fine not to implement this method and the method that accepts Socket
because we always use an SSLEngine
for TLS communication. If we have to implement this, we could retrieve the host name from x509Certificates[0]
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for chiming in. I'm not entirely familiar with TLS so advice is much appreciated here. But it looks to me that we don't need this right now, so maybe it can be added down the road if needed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SGTM. 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot for your first contribution, @tumile! It will be a nice addition to Armeria once merged. 👍
core/src/main/java/com/linecorp/armeria/client/ClientFactoryBuilder.java
Outdated
Show resolved
Hide resolved
public ClientFactoryBuilder tlsNoVerifyHosts(String... insecureHosts) { | ||
tlsCustomizer(b -> b.trustManager(IgnoreHostsTrustManager.of(insecureHosts))); | ||
return this; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A user might want to do the following:
cfb.tlsNoVerifyHosts("a.com");
cfb.tlsNoVerifyHosts("b.com");
...
How about keeping the list of the insecure hosts and setting the trust manager when the ClientFactory
is built? We will also have to make sure tlsNoVerify()
and tlsNoVerifyHosts()
are mutually exclusive, throwing an IllegalStateException
(or should we make tlsNoVerifyHost()
always win?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with making them exclusive. Makes it less ambiguous about which hosts are being ignored (or all).
core/src/main/java/com/linecorp/armeria/client/IgnoreHostsTrustManager.java
Outdated
Show resolved
Hide resolved
@Override | ||
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) | ||
throws CertificateException { | ||
throw new UnsupportedOperationException(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's probably fine not to implement this method and the method that accepts Socket
because we always use an SSLEngine
for TLS communication. If we have to implement this, we could retrieve the host name from x509Certificates[0]
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
core/src/main/java/com/linecorp/armeria/client/IgnoreHostsTrustManager.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/client/IgnoreHostsTrustManager.java
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/client/IgnoreHostsTrustManagerTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/client/IgnoreHostsTrustManagerTest.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/client/IgnoreHostsTrustManager.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/client/IgnoreHostsTrustManagerTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/client/IgnoreHostsTrustManagerTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/client/IgnoreHostsTrustManagerTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/client/IgnoreHostsTrustManagerTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/client/IgnoreHostsTrustManagerTest.java
Outdated
Show resolved
Hide resolved
@ikhoon thanks a lot! I was working on it, but this is even better 😄 |
Oops... sorry. We are about to release the next version of Armeria. 😅 By the way, if you forked the code from okhttp,
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! @tumile I’m looking forward to your next contribution. 🚀
core/src/main/java/com/linecorp/armeria/client/ClientFactoryBuilder.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/client/IgnoreHostsTrustManager.java
Outdated
Show resolved
Hide resolved
core/src/test/java/com/linecorp/armeria/client/HttpClientSniTest.java
Outdated
Show resolved
Hide resolved
Thanks @tumile! 🚀🚀🚀 |
Thanks everyone 😄 |
Motivation:
Provide a way to turn off TLS verification for specific hosts (like
tlsNoVerify
but on specific hosts only) in private development environments. See comment.Modification:
ClientFactoryBuilder#tlsNoVerifyHosts(String... insecureHosts)
.IgnoreHostsTrustManager
implementation. Refer to this commit from okhttp.Result:
Close #2722