Insecure SSL configuration in AbstractHttpSenderModule #20

Closed
EdMcBane opened this issue May 3, 2016 · 6 comments

EdMcBane commented May 3, 2016

I've noticed that the SSL configuration in AbstractHttpSenderModule is insecure, in that it does not verify certificates or hostnames (using DoNothingTrustManager and HostnameVerifierAlwaysTrue).
Moreover, there seems to be no obvious way to override these when used from AS2ClientBuilder / AS2Client, since AS2Client.sendSynchronous() does instantiate an insecure AS2SenderModule directly, without any factory or configuration point.
Is this by design? Would you accept a pull request that made the AS2SenderModule configurable?

Cheers

Owner

phax commented May 3, 2016

Thanks for pointing this out.
Any PR is welcome :)

@phax phax self-assigned this May 3, 2016
@phax phax added the bug label May 3, 2016
Owner

phax commented May 4, 2016

Thanks for PR #21

Owner

phax commented May 4, 2016

The commit adds 2 additional protected methods that allow you to customize SSLContext and HostnameVerifier. Does that make adaptation more simple?

Author

EdMcBane commented May 4, 2016

Indeed. Thanks.

Owner

phax commented May 5, 2016

You want a 2.2.8 release

@phax phax closed this as completed May 5, 2016
Owner

phax commented May 9, 2016

Release 2.2.8 is out

@phax phax mentioned this issue Aug 7, 2018