New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provide concrete configuration for hostname verification #127

Closed
dfish3r opened this Issue Aug 28, 2017 · 0 comments

Comments

Projects
None yet
1 participant
@dfish3r
Copy link
Member

dfish3r commented Aug 28, 2017

Hostname verification is currently configured via a specific trust manager.
This can lead to ambiguity as to whether or not trust was actually configured or just hostname verification.

dfish3r added a commit that referenced this issue Aug 28, 2017

Add HostnameVerfierConfig.
Update AbstractSSLContextInitializer to leverage HostnameVerifierConfig to signal the use of HostnameVerifyingTrustManager.
Inject the DefaultTrustManager if only hostname verification is requested.
Add HostnameVerifierConfig properties to SslConfig and SSLContextInitializer implementations.
Add unit tests.
Fixes #127.

@serac serac closed this in #128 Aug 28, 2017

dfish3r added a commit that referenced this issue Sep 8, 2017

Minor refactoring of hostname verification.
Expose the CertificateHostnameVerifier in SslConfig, protect the HostnameVerifierConfig so it is only used internally.
This provides a simpler and better interface for clients, with mostly expected outcomes. (JNDI startTLS)
Provide an adapter class to use HostnameVerifier as a CertificateHostnameVerifier.
See #127.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment