(camel) branch main updated: CAMEL-23743: Add hostnameVerificationPolicy option to HttpComponent/HttpEndpoint (#23987)

fmariani Fri, 12 Jun 2026 09:19:00 -0700

This is an automated email from the ASF dual-hosted git repository.

Croway pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git



The following commit(s) were added to refs/heads/main by this push:
     new 5eabbb78b233 CAMEL-23743: Add hostnameVerificationPolicy option to 
HttpComponent/HttpEndpoint (#23987)
5eabbb78b233 is described below

commit 5eabbb78b233aa5de9bb3f01545f1d7898ffe425
Author: Rajkumar Pamu <[email protected]>
AuthorDate: Fri Jun 12 21:48:45 2026 +0530

    CAMEL-23743: Add hostnameVerificationPolicy option to 
HttpComponent/HttpEndpoint (#23987)
    
    * CAMEL-23743: Add hostnameVerificationPolicy option to 
HttpComponent/HttpEndpoint
    
    * CAMEL-23743: Add upgrade guide entry for hostnameVerificationPolicy option
    
    * CAMEL-23743: Add missing generated DSL and catalog files for 
hostnameVerificationPolicy
    
    * CAMEL-23743: Regenerate DSL files for hostnameVerificationPolicy
---
 .../org/apache/camel/catalog/components/http.json  |  38 +++---
 .../org/apache/camel/catalog/components/https.json |  38 +++---
 .../component/http/HttpComponentConfigurer.java    |   6 +
 .../component/http/HttpEndpointConfigurer.java     |   6 +
 .../component/http/HttpEndpointUriFactory.java     |   3 +-
 .../org/apache/camel/component/http/http.json      |  38 +++---
 .../org/apache/camel/component/http/https.json     |  38 +++---
 .../apache/camel/component/http/HttpComponent.java |  36 ++++--
 .../apache/camel/component/http/HttpEndpoint.java  |  23 ++++
 .../http/HttpsHostnameVerificationPolicyTest.java  | 127 +++++++++++++++++++++
 .../ROOT/pages/camel-4x-upgrade-guide-4_21.adoc    |  11 ++
 .../component/dsl/HttpComponentBuilderFactory.java |  27 +++++
 .../dsl/HttpsComponentBuilderFactory.java          |  27 +++++
 .../endpoint/dsl/HttpEndpointBuilderFactory.java   |  48 ++++++++
 14 files changed, 386 insertions(+), 80 deletions(-)

diff --git 
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/http.json
 
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/http.json
index 6b5caa3b9291..6f79c72d50ff 100644
--- 
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/http.json
+++ 
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/http.json
@@ -69,13 +69,14 @@
     "proxyAuthUsername": { "index": 39, "kind": "property", "displayName": 
"Proxy Auth Username", "group": "proxy", "label": "producer,proxy", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": true, "security": "secret", "description": "Proxy 
server username" },
     "proxyHost": { "index": 40, "kind": "property", "displayName": "Proxy 
Host", "group": "proxy", "label": "producer,proxy", "required": false, "type": 
"string", "javaType": "java.lang.String", "deprecated": false, "autowired": 
false, "secret": false, "description": "Proxy server host" },
     "proxyPort": { "index": 41, "kind": "property", "displayName": "Proxy 
Port", "group": "proxy", "label": "producer,proxy", "required": false, "type": 
"integer", "javaType": "java.lang.Integer", "deprecated": false, "autowired": 
false, "secret": false, "description": "Proxy server port" },
-    "sslContextParameters": { "index": 42, "kind": "property", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.support.jsse.SSLContextParameters is supported per 
HttpComponent. If y [...]
-    "useGlobalSslContextParameters": { "index": 43, "kind": "property", 
"displayName": "Use Global Ssl Context Parameters", "group": "security", 
"label": "security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Enable usage of global SSL context 
parameters." },
-    "x509HostnameVerifier": { "index": 44, "kind": "property", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier." },
-    "connectionRequestTimeout": { "index": 45, "kind": "property", 
"displayName": "Connection Request Timeout", "group": "timeout", "label": 
"timeout", "required": false, "type": "integer", "javaType": "long", 
"deprecated": false, "autowired": false, "secret": false, "defaultValue": 
180000, "description": "Returns the connection lease request timeout (in 
millis) used when requesting a connection from the connection manager. A 
timeout value of zero is interpreted as a disabled timeout." },
-    "connectTimeout": { "index": 46, "kind": "property", "displayName": 
"Connect Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the timeout 
(in millis) until a new connection is fully established. A timeout value of 
zero is interpreted as an infinite timeout." },
-    "responseTimeout": { "index": 47, "kind": "property", "displayName": 
"Response Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "description": "Determines the timeout (in millis) until 
arrival of a response from the opposite endpoint. A timeout value of zero is 
interpreted as an infinite timeout. Please note that response timeout may be 
unsupported by HTTP transports w [...]
-    "soTimeout": { "index": 48, "kind": "property", "displayName": "So 
Timeout", "group": "timeout", "label": "timeout", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the default 
socket timeout (in millis) value for blocking I\/O operations." }
+    "hostnameVerificationPolicy": { "index": 42, "kind": "property", 
"displayName": "Hostname Verification Policy", "group": "security", "label": 
"security", "required": false, "type": "enum", "javaType": 
"org.apache.hc.client5.http.ssl.HostnameVerificationPolicy", "enum": [ 
"CLIENT", "BUILTIN", "BOTH" ], "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": "CLIENT", "description": "Controls how 
hostname verification is performed during the TLS handshake. CLIENT (def [...]
+    "sslContextParameters": { "index": 43, "kind": "property", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.support.jsse.SSLContextParameters is supported per 
HttpComponent. If y [...]
+    "useGlobalSslContextParameters": { "index": 44, "kind": "property", 
"displayName": "Use Global Ssl Context Parameters", "group": "security", 
"label": "security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Enable usage of global SSL context 
parameters." },
+    "x509HostnameVerifier": { "index": 45, "kind": "property", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier." },
+    "connectionRequestTimeout": { "index": 46, "kind": "property", 
"displayName": "Connection Request Timeout", "group": "timeout", "label": 
"timeout", "required": false, "type": "integer", "javaType": "long", 
"deprecated": false, "autowired": false, "secret": false, "defaultValue": 
180000, "description": "Returns the connection lease request timeout (in 
millis) used when requesting a connection from the connection manager. A 
timeout value of zero is interpreted as a disabled timeout." },
+    "connectTimeout": { "index": 47, "kind": "property", "displayName": 
"Connect Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the timeout 
(in millis) until a new connection is fully established. A timeout value of 
zero is interpreted as an infinite timeout." },
+    "responseTimeout": { "index": 48, "kind": "property", "displayName": 
"Response Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "description": "Determines the timeout (in millis) until 
arrival of a response from the opposite endpoint. A timeout value of zero is 
interpreted as an infinite timeout. Please note that response timeout may be 
unsupported by HTTP transports w [...]
+    "soTimeout": { "index": 49, "kind": "property", "displayName": "So 
Timeout", "group": "timeout", "label": "timeout", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the default 
socket timeout (in millis) value for blocking I\/O operations." }
   },
   "headers": {
     "Content-Encoding": { "index": 0, "kind": "header", "displayName": "", 
"group": "producer", "label": "", "required": false, "javaType": "String", 
"deprecated": false, "deprecationNote": "", "autowired": false, "secret": 
false, "description": "The HTTP content encoding. Is set on both the IN and OUT 
message to provide a content encoding, such as gzip.", "constantName": 
"org.apache.camel.component.http.HttpConstants#CONTENT_ENCODING" },
@@ -150,16 +151,17 @@
     "authMethod": { "index": 53, "kind": "parameter", "displayName": "Auth 
Method", "group": "security", "label": "producer,security", "required": false, 
"type": "enum", "javaType": "java.lang.String", "enum": [ "Basic", "Bearer", 
"NTLM" ], "deprecated": false, "autowired": false, "secret": false, 
"description": "Authentication methods allowed to use as a comma separated list 
of values Basic, Bearer, or NTLM. (NTLM is deprecated)" },
     "authPassword": { "index": 54, "kind": "parameter", "displayName": "Auth 
Password", "group": "security", "label": "producer,security", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": true, "security": "secret", "description": 
"Authentication password" },
     "authUsername": { "index": 55, "kind": "parameter", "displayName": "Auth 
Username", "group": "security", "label": "producer,security", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": true, "security": "secret", "description": 
"Authentication username" },
-    "oauth2BodyAuthentication": { "index": 56, "kind": "parameter", 
"displayName": "Oauth2 Body Authentication", "group": "security", "label": 
"producer,security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Whether to use OAuth2 body 
authentication." },
-    "oauth2CachedTokensDefaultExpirySeconds": { "index": 57, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Default Expiry Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 3600, "description": "Default expiration time 
for cached OAuth2 tokens, in seconds. Used if token response does not contain 
'expires_in' field." },
-    "oauth2CachedTokensExpirationMarginSeconds": { "index": 58, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Expiration Margin Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 5, "description": "Amount of time which is 
deducted from OAuth2 tokens expiry time to compensate for the time it takes 
OAuth2 Token Endpoint to send the token  [...]
-    "oauth2CacheTokens": { "index": 59, "kind": "parameter", "displayName": 
"Oauth2 Cache Tokens", "group": "security", "label": "producer,security", 
"required": false, "type": "boolean", "javaType": "boolean", "deprecated": 
false, "autowired": false, "secret": false, "defaultValue": false, 
"description": "Whether to cache OAuth2 client tokens." },
-    "oauth2ClientId": { "index": 60, "kind": "parameter", "displayName": 
"Oauth2 Client Id", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client id" },
-    "oauth2ClientSecret": { "index": 61, "kind": "parameter", "displayName": 
"Oauth2 Client Secret", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client secret" },
-    "oauth2ResourceIndicator": { "index": 62, "kind": "parameter", 
"displayName": "Oauth2 Resource Indicator", "group": "security", "label": 
"producer,security", "required": false, "type": "string", "javaType": 
"java.lang.String", "deprecated": false, "autowired": false, "secret": false, 
"description": "OAuth2 Token endpoint" },
-    "oauth2Scope": { "index": 63, "kind": "parameter", "displayName": "Oauth2 
Scope", "group": "security", "label": "producer,security", "required": false, 
"type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": false, "description": "OAuth2 scope" },
-    "oauth2TokenEndpoint": { "index": 64, "kind": "parameter", "displayName": 
"Oauth2 Token Endpoint", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": false, "description": 
"OAuth2 Resource Indicator" },
-    "sslContextParameters": { "index": 65, "kind": "parameter", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.util.jsse.SSLContextParameters is supported per HttpComponent. 
If you [...]
-    "x509HostnameVerifier": { "index": 66, "kind": "parameter", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier" }
+    "hostnameVerificationPolicy": { "index": 56, "kind": "parameter", 
"displayName": "Hostname Verification Policy", "group": "security", "label": 
"security", "required": false, "type": "enum", "javaType": 
"org.apache.hc.client5.http.ssl.HostnameVerificationPolicy", "enum": [ 
"CLIENT", "BUILTIN", "BOTH" ], "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": "CLIENT", "description": "Controls how 
hostname verification is performed during the TLS handshake. CLIENT (de [...]
+    "oauth2BodyAuthentication": { "index": 57, "kind": "parameter", 
"displayName": "Oauth2 Body Authentication", "group": "security", "label": 
"producer,security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Whether to use OAuth2 body 
authentication." },
+    "oauth2CachedTokensDefaultExpirySeconds": { "index": 58, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Default Expiry Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 3600, "description": "Default expiration time 
for cached OAuth2 tokens, in seconds. Used if token response does not contain 
'expires_in' field." },
+    "oauth2CachedTokensExpirationMarginSeconds": { "index": 59, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Expiration Margin Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 5, "description": "Amount of time which is 
deducted from OAuth2 tokens expiry time to compensate for the time it takes 
OAuth2 Token Endpoint to send the token  [...]
+    "oauth2CacheTokens": { "index": 60, "kind": "parameter", "displayName": 
"Oauth2 Cache Tokens", "group": "security", "label": "producer,security", 
"required": false, "type": "boolean", "javaType": "boolean", "deprecated": 
false, "autowired": false, "secret": false, "defaultValue": false, 
"description": "Whether to cache OAuth2 client tokens." },
+    "oauth2ClientId": { "index": 61, "kind": "parameter", "displayName": 
"Oauth2 Client Id", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client id" },
+    "oauth2ClientSecret": { "index": 62, "kind": "parameter", "displayName": 
"Oauth2 Client Secret", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client secret" },
+    "oauth2ResourceIndicator": { "index": 63, "kind": "parameter", 
"displayName": "Oauth2 Resource Indicator", "group": "security", "label": 
"producer,security", "required": false, "type": "string", "javaType": 
"java.lang.String", "deprecated": false, "autowired": false, "secret": false, 
"description": "OAuth2 Token endpoint" },
+    "oauth2Scope": { "index": 64, "kind": "parameter", "displayName": "Oauth2 
Scope", "group": "security", "label": "producer,security", "required": false, 
"type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": false, "description": "OAuth2 scope" },
+    "oauth2TokenEndpoint": { "index": 65, "kind": "parameter", "displayName": 
"Oauth2 Token Endpoint", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": false, "description": 
"OAuth2 Resource Indicator" },
+    "sslContextParameters": { "index": 66, "kind": "parameter", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.util.jsse.SSLContextParameters is supported per HttpComponent. 
If you [...]
+    "x509HostnameVerifier": { "index": 67, "kind": "parameter", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier" }
   }
 }
diff --git 
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/https.json
 
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/https.json
index e3ec05d138ea..aefe733ab04a 100644
--- 
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/https.json
+++ 
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/https.json
@@ -69,13 +69,14 @@
     "proxyAuthUsername": { "index": 39, "kind": "property", "displayName": 
"Proxy Auth Username", "group": "proxy", "label": "producer,proxy", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": true, "security": "secret", "description": "Proxy 
server username" },
     "proxyHost": { "index": 40, "kind": "property", "displayName": "Proxy 
Host", "group": "proxy", "label": "producer,proxy", "required": false, "type": 
"string", "javaType": "java.lang.String", "deprecated": false, "autowired": 
false, "secret": false, "description": "Proxy server host" },
     "proxyPort": { "index": 41, "kind": "property", "displayName": "Proxy 
Port", "group": "proxy", "label": "producer,proxy", "required": false, "type": 
"integer", "javaType": "java.lang.Integer", "deprecated": false, "autowired": 
false, "secret": false, "description": "Proxy server port" },
-    "sslContextParameters": { "index": 42, "kind": "property", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.support.jsse.SSLContextParameters is supported per 
HttpComponent. If y [...]
-    "useGlobalSslContextParameters": { "index": 43, "kind": "property", 
"displayName": "Use Global Ssl Context Parameters", "group": "security", 
"label": "security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Enable usage of global SSL context 
parameters." },
-    "x509HostnameVerifier": { "index": 44, "kind": "property", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier." },
-    "connectionRequestTimeout": { "index": 45, "kind": "property", 
"displayName": "Connection Request Timeout", "group": "timeout", "label": 
"timeout", "required": false, "type": "integer", "javaType": "long", 
"deprecated": false, "autowired": false, "secret": false, "defaultValue": 
180000, "description": "Returns the connection lease request timeout (in 
millis) used when requesting a connection from the connection manager. A 
timeout value of zero is interpreted as a disabled timeout." },
-    "connectTimeout": { "index": 46, "kind": "property", "displayName": 
"Connect Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the timeout 
(in millis) until a new connection is fully established. A timeout value of 
zero is interpreted as an infinite timeout." },
-    "responseTimeout": { "index": 47, "kind": "property", "displayName": 
"Response Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "description": "Determines the timeout (in millis) until 
arrival of a response from the opposite endpoint. A timeout value of zero is 
interpreted as an infinite timeout. Please note that response timeout may be 
unsupported by HTTP transports w [...]
-    "soTimeout": { "index": 48, "kind": "property", "displayName": "So 
Timeout", "group": "timeout", "label": "timeout", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the default 
socket timeout (in millis) value for blocking I\/O operations." }
+    "hostnameVerificationPolicy": { "index": 42, "kind": "property", 
"displayName": "Hostname Verification Policy", "group": "security", "label": 
"security", "required": false, "type": "enum", "javaType": 
"org.apache.hc.client5.http.ssl.HostnameVerificationPolicy", "enum": [ 
"CLIENT", "BUILTIN", "BOTH" ], "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": "CLIENT", "description": "Controls how 
hostname verification is performed during the TLS handshake. CLIENT (def [...]
+    "sslContextParameters": { "index": 43, "kind": "property", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.support.jsse.SSLContextParameters is supported per 
HttpComponent. If y [...]
+    "useGlobalSslContextParameters": { "index": 44, "kind": "property", 
"displayName": "Use Global Ssl Context Parameters", "group": "security", 
"label": "security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Enable usage of global SSL context 
parameters." },
+    "x509HostnameVerifier": { "index": 45, "kind": "property", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier." },
+    "connectionRequestTimeout": { "index": 46, "kind": "property", 
"displayName": "Connection Request Timeout", "group": "timeout", "label": 
"timeout", "required": false, "type": "integer", "javaType": "long", 
"deprecated": false, "autowired": false, "secret": false, "defaultValue": 
180000, "description": "Returns the connection lease request timeout (in 
millis) used when requesting a connection from the connection manager. A 
timeout value of zero is interpreted as a disabled timeout." },
+    "connectTimeout": { "index": 47, "kind": "property", "displayName": 
"Connect Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the timeout 
(in millis) until a new connection is fully established. A timeout value of 
zero is interpreted as an infinite timeout." },
+    "responseTimeout": { "index": 48, "kind": "property", "displayName": 
"Response Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "description": "Determines the timeout (in millis) until 
arrival of a response from the opposite endpoint. A timeout value of zero is 
interpreted as an infinite timeout. Please note that response timeout may be 
unsupported by HTTP transports w [...]
+    "soTimeout": { "index": 49, "kind": "property", "displayName": "So 
Timeout", "group": "timeout", "label": "timeout", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the default 
socket timeout (in millis) value for blocking I\/O operations." }
   },
   "headers": {
     "Content-Encoding": { "index": 0, "kind": "header", "displayName": "", 
"group": "producer", "label": "", "required": false, "javaType": "String", 
"deprecated": false, "deprecationNote": "", "autowired": false, "secret": 
false, "description": "The HTTP content encoding. Is set on both the IN and OUT 
message to provide a content encoding, such as gzip.", "constantName": 
"org.apache.camel.component.http.HttpConstants#CONTENT_ENCODING" },
@@ -150,16 +151,17 @@
     "authMethod": { "index": 53, "kind": "parameter", "displayName": "Auth 
Method", "group": "security", "label": "producer,security", "required": false, 
"type": "enum", "javaType": "java.lang.String", "enum": [ "Basic", "Bearer", 
"NTLM" ], "deprecated": false, "autowired": false, "secret": false, 
"description": "Authentication methods allowed to use as a comma separated list 
of values Basic, Bearer, or NTLM. (NTLM is deprecated)" },
     "authPassword": { "index": 54, "kind": "parameter", "displayName": "Auth 
Password", "group": "security", "label": "producer,security", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": true, "security": "secret", "description": 
"Authentication password" },
     "authUsername": { "index": 55, "kind": "parameter", "displayName": "Auth 
Username", "group": "security", "label": "producer,security", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": true, "security": "secret", "description": 
"Authentication username" },
-    "oauth2BodyAuthentication": { "index": 56, "kind": "parameter", 
"displayName": "Oauth2 Body Authentication", "group": "security", "label": 
"producer,security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Whether to use OAuth2 body 
authentication." },
-    "oauth2CachedTokensDefaultExpirySeconds": { "index": 57, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Default Expiry Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 3600, "description": "Default expiration time 
for cached OAuth2 tokens, in seconds. Used if token response does not contain 
'expires_in' field." },
-    "oauth2CachedTokensExpirationMarginSeconds": { "index": 58, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Expiration Margin Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 5, "description": "Amount of time which is 
deducted from OAuth2 tokens expiry time to compensate for the time it takes 
OAuth2 Token Endpoint to send the token  [...]
-    "oauth2CacheTokens": { "index": 59, "kind": "parameter", "displayName": 
"Oauth2 Cache Tokens", "group": "security", "label": "producer,security", 
"required": false, "type": "boolean", "javaType": "boolean", "deprecated": 
false, "autowired": false, "secret": false, "defaultValue": false, 
"description": "Whether to cache OAuth2 client tokens." },
-    "oauth2ClientId": { "index": 60, "kind": "parameter", "displayName": 
"Oauth2 Client Id", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client id" },
-    "oauth2ClientSecret": { "index": 61, "kind": "parameter", "displayName": 
"Oauth2 Client Secret", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client secret" },
-    "oauth2ResourceIndicator": { "index": 62, "kind": "parameter", 
"displayName": "Oauth2 Resource Indicator", "group": "security", "label": 
"producer,security", "required": false, "type": "string", "javaType": 
"java.lang.String", "deprecated": false, "autowired": false, "secret": false, 
"description": "OAuth2 Token endpoint" },
-    "oauth2Scope": { "index": 63, "kind": "parameter", "displayName": "Oauth2 
Scope", "group": "security", "label": "producer,security", "required": false, 
"type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": false, "description": "OAuth2 scope" },
-    "oauth2TokenEndpoint": { "index": 64, "kind": "parameter", "displayName": 
"Oauth2 Token Endpoint", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": false, "description": 
"OAuth2 Resource Indicator" },
-    "sslContextParameters": { "index": 65, "kind": "parameter", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.util.jsse.SSLContextParameters is supported per HttpComponent. 
If you [...]
-    "x509HostnameVerifier": { "index": 66, "kind": "parameter", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier" }
+    "hostnameVerificationPolicy": { "index": 56, "kind": "parameter", 
"displayName": "Hostname Verification Policy", "group": "security", "label": 
"security", "required": false, "type": "enum", "javaType": 
"org.apache.hc.client5.http.ssl.HostnameVerificationPolicy", "enum": [ 
"CLIENT", "BUILTIN", "BOTH" ], "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": "CLIENT", "description": "Controls how 
hostname verification is performed during the TLS handshake. CLIENT (de [...]
+    "oauth2BodyAuthentication": { "index": 57, "kind": "parameter", 
"displayName": "Oauth2 Body Authentication", "group": "security", "label": 
"producer,security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Whether to use OAuth2 body 
authentication." },
+    "oauth2CachedTokensDefaultExpirySeconds": { "index": 58, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Default Expiry Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 3600, "description": "Default expiration time 
for cached OAuth2 tokens, in seconds. Used if token response does not contain 
'expires_in' field." },
+    "oauth2CachedTokensExpirationMarginSeconds": { "index": 59, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Expiration Margin Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 5, "description": "Amount of time which is 
deducted from OAuth2 tokens expiry time to compensate for the time it takes 
OAuth2 Token Endpoint to send the token  [...]
+    "oauth2CacheTokens": { "index": 60, "kind": "parameter", "displayName": 
"Oauth2 Cache Tokens", "group": "security", "label": "producer,security", 
"required": false, "type": "boolean", "javaType": "boolean", "deprecated": 
false, "autowired": false, "secret": false, "defaultValue": false, 
"description": "Whether to cache OAuth2 client tokens." },
+    "oauth2ClientId": { "index": 61, "kind": "parameter", "displayName": 
"Oauth2 Client Id", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client id" },
+    "oauth2ClientSecret": { "index": 62, "kind": "parameter", "displayName": 
"Oauth2 Client Secret", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client secret" },
+    "oauth2ResourceIndicator": { "index": 63, "kind": "parameter", 
"displayName": "Oauth2 Resource Indicator", "group": "security", "label": 
"producer,security", "required": false, "type": "string", "javaType": 
"java.lang.String", "deprecated": false, "autowired": false, "secret": false, 
"description": "OAuth2 Token endpoint" },
+    "oauth2Scope": { "index": 64, "kind": "parameter", "displayName": "Oauth2 
Scope", "group": "security", "label": "producer,security", "required": false, 
"type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": false, "description": "OAuth2 scope" },
+    "oauth2TokenEndpoint": { "index": 65, "kind": "parameter", "displayName": 
"Oauth2 Token Endpoint", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": false, "description": 
"OAuth2 Resource Indicator" },
+    "sslContextParameters": { "index": 66, "kind": "parameter", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.util.jsse.SSLContextParameters is supported per HttpComponent. 
If you [...]
+    "x509HostnameVerifier": { "index": 67, "kind": "parameter", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier" }
   }
 }
diff --git 
a/components/camel-http/src/generated/java/org/apache/camel/component/http/HttpComponentConfigurer.java
 
b/components/camel-http/src/generated/java/org/apache/camel/component/http/HttpComponentConfigurer.java
index 8ea9f56250c9..d67699d04c76 100644
--- 
a/components/camel-http/src/generated/java/org/apache/camel/component/http/HttpComponentConfigurer.java
+++ 
b/components/camel-http/src/generated/java/org/apache/camel/component/http/HttpComponentConfigurer.java
@@ -59,6 +59,8 @@ public class HttpComponentConfigurer extends 
PropertyConfigurerSupport implement
         case "followRedirects": 
target.setFollowRedirects(property(camelContext, boolean.class, value)); return 
true;
         case "headerfilterstrategy":
         case "headerFilterStrategy": 
target.setHeaderFilterStrategy(property(camelContext, 
org.apache.camel.spi.HeaderFilterStrategy.class, value)); return true;
+        case "hostnameverificationpolicy":
+        case "hostnameVerificationPolicy": 
target.setHostnameVerificationPolicy(property(camelContext, 
org.apache.hc.client5.http.ssl.HostnameVerificationPolicy.class, value)); 
return true;
         case "httpactivitylistener":
         case "httpActivityListener": 
target.setHttpActivityListener(property(camelContext, 
org.apache.camel.component.http.HttpActivityListener.class, value)); return 
true;
         case "httpbinding":
@@ -169,6 +171,8 @@ public class HttpComponentConfigurer extends 
PropertyConfigurerSupport implement
         case "followRedirects": return boolean.class;
         case "headerfilterstrategy":
         case "headerFilterStrategy": return 
org.apache.camel.spi.HeaderFilterStrategy.class;
+        case "hostnameverificationpolicy":
+        case "hostnameVerificationPolicy": return 
org.apache.hc.client5.http.ssl.HostnameVerificationPolicy.class;
         case "httpactivitylistener":
         case "httpActivityListener": return 
org.apache.camel.component.http.HttpActivityListener.class;
         case "httpbinding":
@@ -275,6 +279,8 @@ public class HttpComponentConfigurer extends 
PropertyConfigurerSupport implement
         case "followRedirects": return target.isFollowRedirects();
         case "headerfilterstrategy":
         case "headerFilterStrategy": return target.getHeaderFilterStrategy();
+        case "hostnameverificationpolicy":
+        case "hostnameVerificationPolicy": return 
target.getHostnameVerificationPolicy();
         case "httpactivitylistener":
         case "httpActivityListener": return target.getHttpActivityListener();
         case "httpbinding":
diff --git 
a/components/camel-http/src/generated/java/org/apache/camel/component/http/HttpEndpointConfigurer.java
 
b/components/camel-http/src/generated/java/org/apache/camel/component/http/HttpEndpointConfigurer.java
index f80127c209dc..a3e047010724 100644
--- 
a/components/camel-http/src/generated/java/org/apache/camel/component/http/HttpEndpointConfigurer.java
+++ 
b/components/camel-http/src/generated/java/org/apache/camel/component/http/HttpEndpointConfigurer.java
@@ -69,6 +69,8 @@ public class HttpEndpointConfigurer extends 
PropertyConfigurerSupport implements
         case "getWithBody": target.setGetWithBody(property(camelContext, 
boolean.class, value)); return true;
         case "headerfilterstrategy":
         case "headerFilterStrategy": 
target.setHeaderFilterStrategy(property(camelContext, 
org.apache.camel.spi.HeaderFilterStrategy.class, value)); return true;
+        case "hostnameverificationpolicy":
+        case "hostnameVerificationPolicy": 
target.setHostnameVerificationPolicy(property(camelContext, 
org.apache.hc.client5.http.ssl.HostnameVerificationPolicy.class, value)); 
return true;
         case "httpactivitylistener":
         case "httpActivityListener": 
target.setHttpActivityListener(property(camelContext, 
org.apache.camel.component.http.HttpActivityListener.class, value)); return 
true;
         case "httpclient":
@@ -208,6 +210,8 @@ public class HttpEndpointConfigurer extends 
PropertyConfigurerSupport implements
         case "getWithBody": return boolean.class;
         case "headerfilterstrategy":
         case "headerFilterStrategy": return 
org.apache.camel.spi.HeaderFilterStrategy.class;
+        case "hostnameverificationpolicy":
+        case "hostnameVerificationPolicy": return 
org.apache.hc.client5.http.ssl.HostnameVerificationPolicy.class;
         case "httpactivitylistener":
         case "httpActivityListener": return 
org.apache.camel.component.http.HttpActivityListener.class;
         case "httpclient":
@@ -348,6 +352,8 @@ public class HttpEndpointConfigurer extends 
PropertyConfigurerSupport implements
         case "getWithBody": return target.isGetWithBody();
         case "headerfilterstrategy":
         case "headerFilterStrategy": return target.getHeaderFilterStrategy();
+        case "hostnameverificationpolicy":
+        case "hostnameVerificationPolicy": return 
target.getHostnameVerificationPolicy();
         case "httpactivitylistener":
         case "httpActivityListener": return target.getHttpActivityListener();
         case "httpclient":
diff --git 
a/components/camel-http/src/generated/java/org/apache/camel/component/http/HttpEndpointUriFactory.java
 
b/components/camel-http/src/generated/java/org/apache/camel/component/http/HttpEndpointUriFactory.java
index f6a0f23d4830..7116723c7b1f 100644
--- 
a/components/camel-http/src/generated/java/org/apache/camel/component/http/HttpEndpointUriFactory.java
+++ 
b/components/camel-http/src/generated/java/org/apache/camel/component/http/HttpEndpointUriFactory.java
@@ -25,7 +25,7 @@ public class HttpEndpointUriFactory extends 
org.apache.camel.support.component.E
     private static final Set<String> ENDPOINT_IDENTITY_PROPERTY_NAMES;
     private static final Map<String, String> MULTI_VALUE_PREFIXES;
     static {
-        Set<String> props = new HashSet<>(67);
+        Set<String> props = new HashSet<>(68);
         props.add("authBearerToken");
         props.add("authDomain");
         props.add("authHost");
@@ -49,6 +49,7 @@ public class HttpEndpointUriFactory extends 
org.apache.camel.support.component.E
         props.add("followRedirects");
         props.add("getWithBody");
         props.add("headerFilterStrategy");
+        props.add("hostnameVerificationPolicy");
         props.add("httpActivityListener");
         props.add("httpClient");
         props.add("httpClientConfigurer");
diff --git 
a/components/camel-http/src/generated/resources/META-INF/org/apache/camel/component/http/http.json
 
b/components/camel-http/src/generated/resources/META-INF/org/apache/camel/component/http/http.json
index 6b5caa3b9291..6f79c72d50ff 100644
--- 
a/components/camel-http/src/generated/resources/META-INF/org/apache/camel/component/http/http.json
+++ 
b/components/camel-http/src/generated/resources/META-INF/org/apache/camel/component/http/http.json
@@ -69,13 +69,14 @@
     "proxyAuthUsername": { "index": 39, "kind": "property", "displayName": 
"Proxy Auth Username", "group": "proxy", "label": "producer,proxy", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": true, "security": "secret", "description": "Proxy 
server username" },
     "proxyHost": { "index": 40, "kind": "property", "displayName": "Proxy 
Host", "group": "proxy", "label": "producer,proxy", "required": false, "type": 
"string", "javaType": "java.lang.String", "deprecated": false, "autowired": 
false, "secret": false, "description": "Proxy server host" },
     "proxyPort": { "index": 41, "kind": "property", "displayName": "Proxy 
Port", "group": "proxy", "label": "producer,proxy", "required": false, "type": 
"integer", "javaType": "java.lang.Integer", "deprecated": false, "autowired": 
false, "secret": false, "description": "Proxy server port" },
-    "sslContextParameters": { "index": 42, "kind": "property", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.support.jsse.SSLContextParameters is supported per 
HttpComponent. If y [...]
-    "useGlobalSslContextParameters": { "index": 43, "kind": "property", 
"displayName": "Use Global Ssl Context Parameters", "group": "security", 
"label": "security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Enable usage of global SSL context 
parameters." },
-    "x509HostnameVerifier": { "index": 44, "kind": "property", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier." },
-    "connectionRequestTimeout": { "index": 45, "kind": "property", 
"displayName": "Connection Request Timeout", "group": "timeout", "label": 
"timeout", "required": false, "type": "integer", "javaType": "long", 
"deprecated": false, "autowired": false, "secret": false, "defaultValue": 
180000, "description": "Returns the connection lease request timeout (in 
millis) used when requesting a connection from the connection manager. A 
timeout value of zero is interpreted as a disabled timeout." },
-    "connectTimeout": { "index": 46, "kind": "property", "displayName": 
"Connect Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the timeout 
(in millis) until a new connection is fully established. A timeout value of 
zero is interpreted as an infinite timeout." },
-    "responseTimeout": { "index": 47, "kind": "property", "displayName": 
"Response Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "description": "Determines the timeout (in millis) until 
arrival of a response from the opposite endpoint. A timeout value of zero is 
interpreted as an infinite timeout. Please note that response timeout may be 
unsupported by HTTP transports w [...]
-    "soTimeout": { "index": 48, "kind": "property", "displayName": "So 
Timeout", "group": "timeout", "label": "timeout", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the default 
socket timeout (in millis) value for blocking I\/O operations." }
+    "hostnameVerificationPolicy": { "index": 42, "kind": "property", 
"displayName": "Hostname Verification Policy", "group": "security", "label": 
"security", "required": false, "type": "enum", "javaType": 
"org.apache.hc.client5.http.ssl.HostnameVerificationPolicy", "enum": [ 
"CLIENT", "BUILTIN", "BOTH" ], "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": "CLIENT", "description": "Controls how 
hostname verification is performed during the TLS handshake. CLIENT (def [...]
+    "sslContextParameters": { "index": 43, "kind": "property", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.support.jsse.SSLContextParameters is supported per 
HttpComponent. If y [...]
+    "useGlobalSslContextParameters": { "index": 44, "kind": "property", 
"displayName": "Use Global Ssl Context Parameters", "group": "security", 
"label": "security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Enable usage of global SSL context 
parameters." },
+    "x509HostnameVerifier": { "index": 45, "kind": "property", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier." },
+    "connectionRequestTimeout": { "index": 46, "kind": "property", 
"displayName": "Connection Request Timeout", "group": "timeout", "label": 
"timeout", "required": false, "type": "integer", "javaType": "long", 
"deprecated": false, "autowired": false, "secret": false, "defaultValue": 
180000, "description": "Returns the connection lease request timeout (in 
millis) used when requesting a connection from the connection manager. A 
timeout value of zero is interpreted as a disabled timeout." },
+    "connectTimeout": { "index": 47, "kind": "property", "displayName": 
"Connect Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the timeout 
(in millis) until a new connection is fully established. A timeout value of 
zero is interpreted as an infinite timeout." },
+    "responseTimeout": { "index": 48, "kind": "property", "displayName": 
"Response Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "description": "Determines the timeout (in millis) until 
arrival of a response from the opposite endpoint. A timeout value of zero is 
interpreted as an infinite timeout. Please note that response timeout may be 
unsupported by HTTP transports w [...]
+    "soTimeout": { "index": 49, "kind": "property", "displayName": "So 
Timeout", "group": "timeout", "label": "timeout", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the default 
socket timeout (in millis) value for blocking I\/O operations." }
   },
   "headers": {
     "Content-Encoding": { "index": 0, "kind": "header", "displayName": "", 
"group": "producer", "label": "", "required": false, "javaType": "String", 
"deprecated": false, "deprecationNote": "", "autowired": false, "secret": 
false, "description": "The HTTP content encoding. Is set on both the IN and OUT 
message to provide a content encoding, such as gzip.", "constantName": 
"org.apache.camel.component.http.HttpConstants#CONTENT_ENCODING" },
@@ -150,16 +151,17 @@
     "authMethod": { "index": 53, "kind": "parameter", "displayName": "Auth 
Method", "group": "security", "label": "producer,security", "required": false, 
"type": "enum", "javaType": "java.lang.String", "enum": [ "Basic", "Bearer", 
"NTLM" ], "deprecated": false, "autowired": false, "secret": false, 
"description": "Authentication methods allowed to use as a comma separated list 
of values Basic, Bearer, or NTLM. (NTLM is deprecated)" },
     "authPassword": { "index": 54, "kind": "parameter", "displayName": "Auth 
Password", "group": "security", "label": "producer,security", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": true, "security": "secret", "description": 
"Authentication password" },
     "authUsername": { "index": 55, "kind": "parameter", "displayName": "Auth 
Username", "group": "security", "label": "producer,security", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": true, "security": "secret", "description": 
"Authentication username" },
-    "oauth2BodyAuthentication": { "index": 56, "kind": "parameter", 
"displayName": "Oauth2 Body Authentication", "group": "security", "label": 
"producer,security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Whether to use OAuth2 body 
authentication." },
-    "oauth2CachedTokensDefaultExpirySeconds": { "index": 57, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Default Expiry Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 3600, "description": "Default expiration time 
for cached OAuth2 tokens, in seconds. Used if token response does not contain 
'expires_in' field." },
-    "oauth2CachedTokensExpirationMarginSeconds": { "index": 58, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Expiration Margin Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 5, "description": "Amount of time which is 
deducted from OAuth2 tokens expiry time to compensate for the time it takes 
OAuth2 Token Endpoint to send the token  [...]
-    "oauth2CacheTokens": { "index": 59, "kind": "parameter", "displayName": 
"Oauth2 Cache Tokens", "group": "security", "label": "producer,security", 
"required": false, "type": "boolean", "javaType": "boolean", "deprecated": 
false, "autowired": false, "secret": false, "defaultValue": false, 
"description": "Whether to cache OAuth2 client tokens." },
-    "oauth2ClientId": { "index": 60, "kind": "parameter", "displayName": 
"Oauth2 Client Id", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client id" },
-    "oauth2ClientSecret": { "index": 61, "kind": "parameter", "displayName": 
"Oauth2 Client Secret", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client secret" },
-    "oauth2ResourceIndicator": { "index": 62, "kind": "parameter", 
"displayName": "Oauth2 Resource Indicator", "group": "security", "label": 
"producer,security", "required": false, "type": "string", "javaType": 
"java.lang.String", "deprecated": false, "autowired": false, "secret": false, 
"description": "OAuth2 Token endpoint" },
-    "oauth2Scope": { "index": 63, "kind": "parameter", "displayName": "Oauth2 
Scope", "group": "security", "label": "producer,security", "required": false, 
"type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": false, "description": "OAuth2 scope" },
-    "oauth2TokenEndpoint": { "index": 64, "kind": "parameter", "displayName": 
"Oauth2 Token Endpoint", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": false, "description": 
"OAuth2 Resource Indicator" },
-    "sslContextParameters": { "index": 65, "kind": "parameter", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.util.jsse.SSLContextParameters is supported per HttpComponent. 
If you [...]
-    "x509HostnameVerifier": { "index": 66, "kind": "parameter", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier" }
+    "hostnameVerificationPolicy": { "index": 56, "kind": "parameter", 
"displayName": "Hostname Verification Policy", "group": "security", "label": 
"security", "required": false, "type": "enum", "javaType": 
"org.apache.hc.client5.http.ssl.HostnameVerificationPolicy", "enum": [ 
"CLIENT", "BUILTIN", "BOTH" ], "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": "CLIENT", "description": "Controls how 
hostname verification is performed during the TLS handshake. CLIENT (de [...]
+    "oauth2BodyAuthentication": { "index": 57, "kind": "parameter", 
"displayName": "Oauth2 Body Authentication", "group": "security", "label": 
"producer,security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Whether to use OAuth2 body 
authentication." },
+    "oauth2CachedTokensDefaultExpirySeconds": { "index": 58, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Default Expiry Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 3600, "description": "Default expiration time 
for cached OAuth2 tokens, in seconds. Used if token response does not contain 
'expires_in' field." },
+    "oauth2CachedTokensExpirationMarginSeconds": { "index": 59, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Expiration Margin Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 5, "description": "Amount of time which is 
deducted from OAuth2 tokens expiry time to compensate for the time it takes 
OAuth2 Token Endpoint to send the token  [...]
+    "oauth2CacheTokens": { "index": 60, "kind": "parameter", "displayName": 
"Oauth2 Cache Tokens", "group": "security", "label": "producer,security", 
"required": false, "type": "boolean", "javaType": "boolean", "deprecated": 
false, "autowired": false, "secret": false, "defaultValue": false, 
"description": "Whether to cache OAuth2 client tokens." },
+    "oauth2ClientId": { "index": 61, "kind": "parameter", "displayName": 
"Oauth2 Client Id", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client id" },
+    "oauth2ClientSecret": { "index": 62, "kind": "parameter", "displayName": 
"Oauth2 Client Secret", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client secret" },
+    "oauth2ResourceIndicator": { "index": 63, "kind": "parameter", 
"displayName": "Oauth2 Resource Indicator", "group": "security", "label": 
"producer,security", "required": false, "type": "string", "javaType": 
"java.lang.String", "deprecated": false, "autowired": false, "secret": false, 
"description": "OAuth2 Token endpoint" },
+    "oauth2Scope": { "index": 64, "kind": "parameter", "displayName": "Oauth2 
Scope", "group": "security", "label": "producer,security", "required": false, 
"type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": false, "description": "OAuth2 scope" },
+    "oauth2TokenEndpoint": { "index": 65, "kind": "parameter", "displayName": 
"Oauth2 Token Endpoint", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": false, "description": 
"OAuth2 Resource Indicator" },
+    "sslContextParameters": { "index": 66, "kind": "parameter", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.util.jsse.SSLContextParameters is supported per HttpComponent. 
If you [...]
+    "x509HostnameVerifier": { "index": 67, "kind": "parameter", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier" }
   }
 }
diff --git 
a/components/camel-http/src/generated/resources/META-INF/org/apache/camel/component/http/https.json
 
b/components/camel-http/src/generated/resources/META-INF/org/apache/camel/component/http/https.json
index e3ec05d138ea..aefe733ab04a 100644
--- 
a/components/camel-http/src/generated/resources/META-INF/org/apache/camel/component/http/https.json
+++ 
b/components/camel-http/src/generated/resources/META-INF/org/apache/camel/component/http/https.json
@@ -69,13 +69,14 @@
     "proxyAuthUsername": { "index": 39, "kind": "property", "displayName": 
"Proxy Auth Username", "group": "proxy", "label": "producer,proxy", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": true, "security": "secret", "description": "Proxy 
server username" },
     "proxyHost": { "index": 40, "kind": "property", "displayName": "Proxy 
Host", "group": "proxy", "label": "producer,proxy", "required": false, "type": 
"string", "javaType": "java.lang.String", "deprecated": false, "autowired": 
false, "secret": false, "description": "Proxy server host" },
     "proxyPort": { "index": 41, "kind": "property", "displayName": "Proxy 
Port", "group": "proxy", "label": "producer,proxy", "required": false, "type": 
"integer", "javaType": "java.lang.Integer", "deprecated": false, "autowired": 
false, "secret": false, "description": "Proxy server port" },
-    "sslContextParameters": { "index": 42, "kind": "property", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.support.jsse.SSLContextParameters is supported per 
HttpComponent. If y [...]
-    "useGlobalSslContextParameters": { "index": 43, "kind": "property", 
"displayName": "Use Global Ssl Context Parameters", "group": "security", 
"label": "security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Enable usage of global SSL context 
parameters." },
-    "x509HostnameVerifier": { "index": 44, "kind": "property", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier." },
-    "connectionRequestTimeout": { "index": 45, "kind": "property", 
"displayName": "Connection Request Timeout", "group": "timeout", "label": 
"timeout", "required": false, "type": "integer", "javaType": "long", 
"deprecated": false, "autowired": false, "secret": false, "defaultValue": 
180000, "description": "Returns the connection lease request timeout (in 
millis) used when requesting a connection from the connection manager. A 
timeout value of zero is interpreted as a disabled timeout." },
-    "connectTimeout": { "index": 46, "kind": "property", "displayName": 
"Connect Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the timeout 
(in millis) until a new connection is fully established. A timeout value of 
zero is interpreted as an infinite timeout." },
-    "responseTimeout": { "index": 47, "kind": "property", "displayName": 
"Response Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "description": "Determines the timeout (in millis) until 
arrival of a response from the opposite endpoint. A timeout value of zero is 
interpreted as an infinite timeout. Please note that response timeout may be 
unsupported by HTTP transports w [...]
-    "soTimeout": { "index": 48, "kind": "property", "displayName": "So 
Timeout", "group": "timeout", "label": "timeout", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the default 
socket timeout (in millis) value for blocking I\/O operations." }
+    "hostnameVerificationPolicy": { "index": 42, "kind": "property", 
"displayName": "Hostname Verification Policy", "group": "security", "label": 
"security", "required": false, "type": "enum", "javaType": 
"org.apache.hc.client5.http.ssl.HostnameVerificationPolicy", "enum": [ 
"CLIENT", "BUILTIN", "BOTH" ], "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": "CLIENT", "description": "Controls how 
hostname verification is performed during the TLS handshake. CLIENT (def [...]
+    "sslContextParameters": { "index": 43, "kind": "property", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.support.jsse.SSLContextParameters is supported per 
HttpComponent. If y [...]
+    "useGlobalSslContextParameters": { "index": 44, "kind": "property", 
"displayName": "Use Global Ssl Context Parameters", "group": "security", 
"label": "security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Enable usage of global SSL context 
parameters." },
+    "x509HostnameVerifier": { "index": 45, "kind": "property", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier." },
+    "connectionRequestTimeout": { "index": 46, "kind": "property", 
"displayName": "Connection Request Timeout", "group": "timeout", "label": 
"timeout", "required": false, "type": "integer", "javaType": "long", 
"deprecated": false, "autowired": false, "secret": false, "defaultValue": 
180000, "description": "Returns the connection lease request timeout (in 
millis) used when requesting a connection from the connection manager. A 
timeout value of zero is interpreted as a disabled timeout." },
+    "connectTimeout": { "index": 47, "kind": "property", "displayName": 
"Connect Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the timeout 
(in millis) until a new connection is fully established. A timeout value of 
zero is interpreted as an infinite timeout." },
+    "responseTimeout": { "index": 48, "kind": "property", "displayName": 
"Response Timeout", "group": "timeout", "label": "timeout", "required": false, 
"type": "integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "description": "Determines the timeout (in millis) until 
arrival of a response from the opposite endpoint. A timeout value of zero is 
interpreted as an infinite timeout. Please note that response timeout may be 
unsupported by HTTP transports w [...]
+    "soTimeout": { "index": 49, "kind": "property", "displayName": "So 
Timeout", "group": "timeout", "label": "timeout", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 180000, "description": "Determines the default 
socket timeout (in millis) value for blocking I\/O operations." }
   },
   "headers": {
     "Content-Encoding": { "index": 0, "kind": "header", "displayName": "", 
"group": "producer", "label": "", "required": false, "javaType": "String", 
"deprecated": false, "deprecationNote": "", "autowired": false, "secret": 
false, "description": "The HTTP content encoding. Is set on both the IN and OUT 
message to provide a content encoding, such as gzip.", "constantName": 
"org.apache.camel.component.http.HttpConstants#CONTENT_ENCODING" },
@@ -150,16 +151,17 @@
     "authMethod": { "index": 53, "kind": "parameter", "displayName": "Auth 
Method", "group": "security", "label": "producer,security", "required": false, 
"type": "enum", "javaType": "java.lang.String", "enum": [ "Basic", "Bearer", 
"NTLM" ], "deprecated": false, "autowired": false, "secret": false, 
"description": "Authentication methods allowed to use as a comma separated list 
of values Basic, Bearer, or NTLM. (NTLM is deprecated)" },
     "authPassword": { "index": 54, "kind": "parameter", "displayName": "Auth 
Password", "group": "security", "label": "producer,security", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": true, "security": "secret", "description": 
"Authentication password" },
     "authUsername": { "index": 55, "kind": "parameter", "displayName": "Auth 
Username", "group": "security", "label": "producer,security", "required": 
false, "type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": true, "security": "secret", "description": 
"Authentication username" },
-    "oauth2BodyAuthentication": { "index": 56, "kind": "parameter", 
"displayName": "Oauth2 Body Authentication", "group": "security", "label": 
"producer,security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Whether to use OAuth2 body 
authentication." },
-    "oauth2CachedTokensDefaultExpirySeconds": { "index": 57, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Default Expiry Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 3600, "description": "Default expiration time 
for cached OAuth2 tokens, in seconds. Used if token response does not contain 
'expires_in' field." },
-    "oauth2CachedTokensExpirationMarginSeconds": { "index": 58, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Expiration Margin Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 5, "description": "Amount of time which is 
deducted from OAuth2 tokens expiry time to compensate for the time it takes 
OAuth2 Token Endpoint to send the token  [...]
-    "oauth2CacheTokens": { "index": 59, "kind": "parameter", "displayName": 
"Oauth2 Cache Tokens", "group": "security", "label": "producer,security", 
"required": false, "type": "boolean", "javaType": "boolean", "deprecated": 
false, "autowired": false, "secret": false, "defaultValue": false, 
"description": "Whether to cache OAuth2 client tokens." },
-    "oauth2ClientId": { "index": 60, "kind": "parameter", "displayName": 
"Oauth2 Client Id", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client id" },
-    "oauth2ClientSecret": { "index": 61, "kind": "parameter", "displayName": 
"Oauth2 Client Secret", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client secret" },
-    "oauth2ResourceIndicator": { "index": 62, "kind": "parameter", 
"displayName": "Oauth2 Resource Indicator", "group": "security", "label": 
"producer,security", "required": false, "type": "string", "javaType": 
"java.lang.String", "deprecated": false, "autowired": false, "secret": false, 
"description": "OAuth2 Token endpoint" },
-    "oauth2Scope": { "index": 63, "kind": "parameter", "displayName": "Oauth2 
Scope", "group": "security", "label": "producer,security", "required": false, 
"type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": false, "description": "OAuth2 scope" },
-    "oauth2TokenEndpoint": { "index": 64, "kind": "parameter", "displayName": 
"Oauth2 Token Endpoint", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": false, "description": 
"OAuth2 Resource Indicator" },
-    "sslContextParameters": { "index": 65, "kind": "parameter", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.util.jsse.SSLContextParameters is supported per HttpComponent. 
If you [...]
-    "x509HostnameVerifier": { "index": 66, "kind": "parameter", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier" }
+    "hostnameVerificationPolicy": { "index": 56, "kind": "parameter", 
"displayName": "Hostname Verification Policy", "group": "security", "label": 
"security", "required": false, "type": "enum", "javaType": 
"org.apache.hc.client5.http.ssl.HostnameVerificationPolicy", "enum": [ 
"CLIENT", "BUILTIN", "BOTH" ], "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": "CLIENT", "description": "Controls how 
hostname verification is performed during the TLS handshake. CLIENT (de [...]
+    "oauth2BodyAuthentication": { "index": 57, "kind": "parameter", 
"displayName": "Oauth2 Body Authentication", "group": "security", "label": 
"producer,security", "required": false, "type": "boolean", "javaType": 
"boolean", "deprecated": false, "autowired": false, "secret": false, 
"defaultValue": false, "description": "Whether to use OAuth2 body 
authentication." },
+    "oauth2CachedTokensDefaultExpirySeconds": { "index": 58, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Default Expiry Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 3600, "description": "Default expiration time 
for cached OAuth2 tokens, in seconds. Used if token response does not contain 
'expires_in' field." },
+    "oauth2CachedTokensExpirationMarginSeconds": { "index": 59, "kind": 
"parameter", "displayName": "Oauth2 Cached Tokens Expiration Margin Seconds", 
"group": "security", "label": "producer,security", "required": false, "type": 
"integer", "javaType": "long", "deprecated": false, "autowired": false, 
"secret": false, "defaultValue": 5, "description": "Amount of time which is 
deducted from OAuth2 tokens expiry time to compensate for the time it takes 
OAuth2 Token Endpoint to send the token  [...]
+    "oauth2CacheTokens": { "index": 60, "kind": "parameter", "displayName": 
"Oauth2 Cache Tokens", "group": "security", "label": "producer,security", 
"required": false, "type": "boolean", "javaType": "boolean", "deprecated": 
false, "autowired": false, "secret": false, "defaultValue": false, 
"description": "Whether to cache OAuth2 client tokens." },
+    "oauth2ClientId": { "index": 61, "kind": "parameter", "displayName": 
"Oauth2 Client Id", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client id" },
+    "oauth2ClientSecret": { "index": 62, "kind": "parameter", "displayName": 
"Oauth2 Client Secret", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": true, "security": "secret", 
"description": "OAuth2 client secret" },
+    "oauth2ResourceIndicator": { "index": 63, "kind": "parameter", 
"displayName": "Oauth2 Resource Indicator", "group": "security", "label": 
"producer,security", "required": false, "type": "string", "javaType": 
"java.lang.String", "deprecated": false, "autowired": false, "secret": false, 
"description": "OAuth2 Token endpoint" },
+    "oauth2Scope": { "index": 64, "kind": "parameter", "displayName": "Oauth2 
Scope", "group": "security", "label": "producer,security", "required": false, 
"type": "string", "javaType": "java.lang.String", "deprecated": false, 
"autowired": false, "secret": false, "description": "OAuth2 scope" },
+    "oauth2TokenEndpoint": { "index": 65, "kind": "parameter", "displayName": 
"Oauth2 Token Endpoint", "group": "security", "label": "producer,security", 
"required": false, "type": "string", "javaType": "java.lang.String", 
"deprecated": false, "autowired": false, "secret": false, "description": 
"OAuth2 Resource Indicator" },
+    "sslContextParameters": { "index": 66, "kind": "parameter", "displayName": 
"Ssl Context Parameters", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": 
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, 
"autowired": false, "secret": false, "description": "To configure security 
using SSLContextParameters. Important: Only one instance of 
org.apache.camel.util.jsse.SSLContextParameters is supported per HttpComponent. 
If you [...]
+    "x509HostnameVerifier": { "index": 67, "kind": "parameter", "displayName": 
"X509 Hostname Verifier", "group": "security", "label": "security", "required": 
false, "type": "object", "javaType": "javax.net.ssl.HostnameVerifier", 
"deprecated": false, "autowired": false, "secret": false, "description": "To 
use a custom X509HostnameVerifier such as DefaultHostnameVerifier or 
NoopHostnameVerifier" }
   }
 }
diff --git 
a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
 
b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
index fdaba0e6828c..d7706108022e 100644
--- 
a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
+++ 
b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpComponent.java
@@ -101,6 +101,15 @@ public class HttpComponent extends HttpCommonComponent 
implements RestProducerFa
     @Metadata(label = "security",
               description = "To use a custom X509HostnameVerifier such as 
DefaultHostnameVerifier or NoopHostnameVerifier.")
     protected HostnameVerifier x509HostnameVerifier = new 
DefaultHostnameVerifier();
+    @Metadata(label = "security", defaultValue = "CLIENT", enums = 
"CLIENT,BUILTIN,BOTH",
+              description = "Controls how hostname verification is performed 
during the TLS handshake."
+                            + " CLIENT (default) delegates entirely to the 
configured x509HostnameVerifier, preserving the"
+                            + " behaviour of httpclient 5.5 and earlier — a 
NoopHostnameVerifier will disable verification."
+                            + " BUILTIN uses the JDK SSLParameters hostname 
check only, ignoring the configured verifier."
+                            + " BOTH runs the JDK built-in check first and 
then the configured verifier; a NoopHostnameVerifier"
+                            + " cannot bypass the built-in check under BUILTIN 
or BOTH."
+                            + " Prefer BOTH when no custom verifier semantics 
are needed for stronger out-of-the-box security.")
+    protected HostnameVerificationPolicy hostnameVerificationPolicy = 
HostnameVerificationPolicy.CLIENT;
     @Metadata(label = "advanced", defaultValue = "false",
               description = "To use System Properties as fallback for 
configuration for configuring HTTP Client")
     private boolean useSystemProperties;
@@ -539,13 +548,17 @@ public class HttpComponent extends HttpCommonComponent 
implements RestProducerFa
         final HostnameVerifier resolvedHostnameVerifier
                 = resolveAndRemoveReferenceParameter(parameters, 
"x509HostnameVerifier", HostnameVerifier.class);
         final HostnameVerifier hostnameVerifier = 
Optional.ofNullable(resolvedHostnameVerifier).orElse(x509HostnameVerifier);
+        final HostnameVerificationPolicy resolvedPolicy
+                = getAndRemoveParameter(parameters, 
"hostnameVerificationPolicy", HostnameVerificationPolicy.class,
+                        hostnameVerificationPolicy);
 
         // need to check the parameters of maxTotalConnections and 
connectionsPerRoute
         final int maxTotalConnections = getAndRemoveParameter(parameters, 
"maxTotalConnections", int.class, 0);
         final int connectionsPerRoute = getAndRemoveParameter(parameters, 
"connectionsPerRoute", int.class, 0);
         // do not remove as we set this later again
         final boolean sysProp = getParameter(parameters, 
"useSystemProperties", boolean.class, useSystemProperties);
-        final TlsSocketStrategy tlsStrategy = 
createTlsStrategy(hostnameVerifier, sslContextParameters, sysProp);
+        final TlsSocketStrategy tlsStrategy
+                = createTlsStrategy(hostnameVerifier, resolvedPolicy, 
sslContextParameters, sysProp);
 
         // allow the builder pattern
         
httpConnectionOptions.putAll(PropertiesHelper.extractProperties(parameters, 
"httpConnection."));
@@ -603,20 +616,16 @@ public class HttpComponent extends HttpCommonComponent 
implements RestProducerFa
     }
 
     protected TlsSocketStrategy createTlsStrategy(
-            HostnameVerifier x509HostnameVerifier,
+            HostnameVerifier x509HostnameVerifier, HostnameVerificationPolicy 
hostnameVerificationPolicy,
             SSLContextParameters sslContextParams, boolean useSystemProperties)
             throws GeneralSecurityException, IOException {
         SSLContext sslContext = sslContextParams != null
                 ? sslContextParams.createSSLContext(getCamelContext())
                 : (useSystemProperties ? SSLContexts.createSystemDefault() : 
SSLContexts.createDefault());
-        // httpclient 5.6 changed DefaultClientTlsStrategy to use BOTH policy 
by default,
-        // which enables the JDK built-in hostname check via SSLParameters in 
addition to the
-        // custom verifier. Use CLIENT so only the configured verifier decides 
— this restores
-        // the 5.5.2 behavior where NoopHostnameVerifier actually disables 
verification.
         return ClientTlsStrategyBuilder.create()
                 .setSslContext(sslContext)
                 .setHostnameVerifier(x509HostnameVerifier)
-                .setHostVerificationPolicy(HostnameVerificationPolicy.CLIENT)
+                .setHostVerificationPolicy(hostnameVerificationPolicy)
                 .buildClassic();
     }
 
@@ -793,6 +802,19 @@ public class HttpComponent extends HttpCommonComponent 
implements RestProducerFa
         this.x509HostnameVerifier = x509HostnameVerifier;
     }
 
+    public HostnameVerificationPolicy getHostnameVerificationPolicy() {
+        return hostnameVerificationPolicy;
+    }
+
+    /**
+     * Controls how hostname verification is performed during the TLS 
handshake. CLIENT (default) delegates entirely to
+     * the configured x509HostnameVerifier. BUILTIN uses only the JDK 
SSLParameters check. BOTH runs both; a
+     * NoopHostnameVerifier cannot bypass the built-in check under BUILTIN or 
BOTH.
+     */
+    public void setHostnameVerificationPolicy(HostnameVerificationPolicy 
hostnameVerificationPolicy) {
+        this.hostnameVerificationPolicy = hostnameVerificationPolicy;
+    }
+
     public boolean isUseSystemProperties() {
         return useSystemProperties;
     }
diff --git 
a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
 
b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
index 2dfe94efe325..619f9305b4aa 100644
--- 
a/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
+++ 
b/components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java
@@ -51,6 +51,7 @@ import org.apache.hc.client5.http.cookie.CookieStore;
 import org.apache.hc.client5.http.impl.DefaultRedirectStrategy;
 import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
 import org.apache.hc.client5.http.io.HttpClientConnectionManager;
+import org.apache.hc.client5.http.ssl.HostnameVerificationPolicy;
 import org.apache.hc.core5.http.EntityDetails;
 import org.apache.hc.core5.http.HttpEntity;
 import org.apache.hc.core5.http.HttpException;
@@ -153,6 +154,15 @@ public class HttpEndpoint extends HttpCommonEndpoint 
implements LineNumberAware
     @UriParam(label = "security",
               description = "To use a custom X509HostnameVerifier such as 
DefaultHostnameVerifier or NoopHostnameVerifier")
     private HostnameVerifier x509HostnameVerifier;
+    @UriParam(label = "security", defaultValue = "CLIENT", enums = 
"CLIENT,BUILTIN,BOTH",
+              description = "Controls how hostname verification is performed 
during the TLS handshake."
+                            + " CLIENT (default) delegates entirely to the 
configured x509HostnameVerifier, preserving the"
+                            + " behaviour of httpclient 5.5 and earlier — a 
NoopHostnameVerifier will disable verification."
+                            + " BUILTIN uses the JDK SSLParameters hostname 
check only, ignoring the configured verifier."
+                            + " BOTH runs the JDK built-in check first and 
then the configured verifier; a NoopHostnameVerifier"
+                            + " cannot bypass the built-in check under BUILTIN 
or BOTH."
+                            + " Prefer BOTH when no custom verifier semantics 
are needed for stronger out-of-the-box security.")
+    private HostnameVerificationPolicy hostnameVerificationPolicy;
     @UriParam(label = "producer,advanced", description = "To use custom host 
header for producer. When not set in query will "
                                                          + "be ignored. When 
set will override host header derived from url.")
     private String customHostHeader;
@@ -589,6 +599,19 @@ public class HttpEndpoint extends HttpCommonEndpoint 
implements LineNumberAware
         this.x509HostnameVerifier = x509HostnameVerifier;
     }
 
+    public HostnameVerificationPolicy getHostnameVerificationPolicy() {
+        return hostnameVerificationPolicy;
+    }
+
+    /**
+     * Controls how hostname verification is performed during the TLS 
handshake. CLIENT (default) delegates entirely to
+     * the configured x509HostnameVerifier. BUILTIN uses only the JDK 
SSLParameters check. BOTH runs both; a
+     * NoopHostnameVerifier cannot bypass the built-in check under BUILTIN or 
BOTH.
+     */
+    public void setHostnameVerificationPolicy(HostnameVerificationPolicy 
hostnameVerificationPolicy) {
+        this.hostnameVerificationPolicy = hostnameVerificationPolicy;
+    }
+
     public SSLContextParameters getSslContextParameters() {
         return sslContextParameters;
     }
diff --git 
a/components/camel-http/src/test/java/org/apache/camel/component/http/HttpsHostnameVerificationPolicyTest.java
 
b/components/camel-http/src/test/java/org/apache/camel/component/http/HttpsHostnameVerificationPolicyTest.java
new file mode 100644
index 000000000000..407b65e896f8
--- /dev/null
+++ 
b/components/camel-http/src/test/java/org/apache/camel/component/http/HttpsHostnameVerificationPolicyTest.java
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.http;
+
+import org.apache.camel.BindToRegistry;
+import org.apache.camel.Exchange;
+import org.apache.camel.component.http.handler.BasicValidationHandler;
+import org.apache.camel.support.jsse.SSLContextParameters;
+import org.apache.hc.client5.http.ssl.HostnameVerificationPolicy;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.http.impl.bootstrap.HttpServer;
+import org.apache.hc.core5.http.impl.bootstrap.ServerBootstrap;
+import org.junit.jupiter.api.Test;
+
+import static org.apache.camel.component.http.HttpMethods.GET;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+
+/**
+ * Verifies that hostnameVerificationPolicy is honoured by HttpComponent / 
HttpEndpoint.
+ *
+ * The embedded server uses a self-signed cert issued to "localhost". Tests 
connect to "localhost" so BUILTIN/BOTH pass
+ * the JDK hostname check; tests that set an invalid SNI host demonstrate that 
CLIENT delegates entirely to the
+ * configured verifier (NoopHostnameVerifier → always passes).
+ */
+public class HttpsHostnameVerificationPolicyTest extends BaseHttpsTest {
+
+    private HttpServer localServer;
+
+    @BindToRegistry("noop")
+    private NoopHostnameVerifier noop = new NoopHostnameVerifier();
+
+    @BindToRegistry("ssl")
+    private SSLContextParameters ssl = new SSLContextParameters();
+
+    @Override
+    public void doPreSetup() throws Exception {
+        localServer = ServerBootstrap.bootstrap()
+                .setCanonicalHostName("localhost")
+                .setHttpProcessor(getBasicHttpProcessor())
+                .setConnectionReuseStrategy(getConnectionReuseStrategy())
+                .setResponseFactory(getHttpResponseFactory())
+                .setSslContext(getSSLContext())
+                .register("/test/", new BasicValidationHandler(GET.name(), 
null, null, getExpectedContent()))
+                .create();
+        localServer.start();
+    }
+
+    @Override
+    public void cleanupResources() {
+        if (localServer != null) {
+            localServer.stop();
+        }
+    }
+
+    // CLIENT policy: NoopHostnameVerifier is the sole decider — request 
succeeds even though
+    // the cert is self-signed, because Noop always returns true.
+    @Test
+    public void clientPolicyWithNoopSucceeds() {
+        Exchange exchange = template.request(
+                "https://localhost:"; + localServer.getLocalPort()
+                                             + 
"/test/?x509HostnameVerifier=#noop&sslContextParameters=#ssl&hostnameVerificationPolicy=CLIENT",
+                e -> {
+                });
+        assertNotNull(exchange);
+        assertNull(exchange.getException(), "Expected no exception with CLIENT 
+ NoopHostnameVerifier");
+    }
+
+    // BOTH policy: JDK check runs first. The cert is issued to "localhost" 
and we connect to
+    // "localhost", so the built-in check passes; Noop then also passes → 
success.
+    @Test
+    public void bothPolicyLocalhostCertSucceeds() {
+        Exchange exchange = template.request(
+                "https://localhost:"; + localServer.getLocalPort()
+                                             + 
"/test/?x509HostnameVerifier=#noop&sslContextParameters=#ssl&hostnameVerificationPolicy=BOTH",
+                e -> {
+                });
+        assertNotNull(exchange);
+        assertNull(exchange.getException(), "Expected no exception with BOTH 
when hostname matches cert");
+    }
+
+    // BUILTIN policy: only the JDK SSLParameters check runs. The cert is 
issued to "localhost" and
+    // we connect to "localhost" → should pass regardless of the configured 
verifier.
+    @Test
+    public void builtinPolicyLocalhostCertSucceeds() {
+        Exchange exchange = template.request(
+                "https://localhost:"; + localServer.getLocalPort()
+                                             + 
"/test/?x509HostnameVerifier=#noop&sslContextParameters=#ssl&hostnameVerificationPolicy=BUILTIN",
+                e -> {
+                });
+        assertNotNull(exchange);
+        assertNull(exchange.getException(), "Expected no exception with 
BUILTIN when hostname matches cert");
+    }
+
+    // Verify that hostnameVerificationPolicy can also be set at the component 
level.
+    @Test
+    public void componentLevelPolicyIsRespected() {
+        HttpComponent http = context.getComponent("https", 
HttpComponent.class);
+        HostnameVerificationPolicy original = 
http.getHostnameVerificationPolicy();
+        try {
+            
http.setHostnameVerificationPolicy(HostnameVerificationPolicy.CLIENT);
+            Exchange exchange = template.request(
+                    "https://localhost:"; + localServer.getLocalPort()
+                                                 + 
"/test/?x509HostnameVerifier=#noop&sslContextParameters=#ssl",
+                    e -> {
+                    });
+            assertNotNull(exchange);
+            assertNull(exchange.getException(), "Expected no exception when 
component policy is CLIENT + Noop");
+        } finally {
+            http.setHostnameVerificationPolicy(original);
+        }
+    }
+}
diff --git 
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc 
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
index 635c11acfe6f..982c47367530 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
@@ -2329,6 +2329,17 @@ hostname verification. HttpClient 5.6 changed the 
default to `HostnameVerificati
 which enables the JDK check alongside the custom verifier — making 
`NoopHostnameVerifier` ineffective
 because the JDK check runs first and rejects mismatched certificates.
 
+The policy is now configurable via the `hostnameVerificationPolicy` option on 
both `HttpComponent`
+and `HttpEndpoint`, accepting `CLIENT` (default), `BUILTIN`, or `BOTH`:
+
+* `CLIENT` — only the configured `x509HostnameVerifier` decides. 
`NoopHostnameVerifier` disables verification. This is the default and preserves 
backward compatibility.
+* `BUILTIN` — only the JDK SSLParameters hostname check runs. The configured 
verifier is ignored.
+* `BOTH` — the JDK check runs first, then the configured verifier. A 
`NoopHostnameVerifier` cannot bypass the JDK check. Recommended where no custom 
verifier semantics are needed.
+
+Users who were affected by the `NoopHostnameVerifier` regression introduced in 
HttpClient 5.6 should
+keep the default `CLIENT` policy or set it explicitly. Users who want stronger 
out-of-the-box security
+and do not rely on a custom verifier can opt in to `BOTH`.
+
 The `CLIENT` policy is a deliberate choice: it preserves backward 
compatibility and allows
 `NoopHostnameVerifier` to work as documented. A future release may add an 
option to opt into the
 `BOTH` policy for defense-in-depth.
diff --git 
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/HttpComponentBuilderFactory.java
 
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/HttpComponentBuilderFactory.java
index 253e52ab737f..326562318dce 100644
--- 
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/HttpComponentBuilderFactory.java
+++ 
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/HttpComponentBuilderFactory.java
@@ -785,6 +785,32 @@ public interface HttpComponentBuilderFactory {
             return this;
         }
     
+        
+        /**
+         * Controls how hostname verification is performed during the TLS
+         * handshake. CLIENT (default) delegates entirely to the configured
+         * x509HostnameVerifier, preserving the behaviour of httpclient 5.5 and
+         * earlier a NoopHostnameVerifier will disable verification. BUILTIN
+         * uses the JDK SSLParameters hostname check only, ignoring the
+         * configured verifier. BOTH runs the JDK built-in check first and then
+         * the configured verifier; a NoopHostnameVerifier cannot bypass the
+         * built-in check under BUILTIN or BOTH. Prefer BOTH when no custom
+         * verifier semantics are needed for stronger out-of-the-box security.
+         * 
+         * The option is a:
+         * 
&lt;code&gt;org.apache.hc.client5.http.ssl.HostnameVerificationPolicy&lt;/code&gt;
 type.
+         * 
+         * Default: CLIENT
+         * Group: security
+         * 
+         * @param hostnameVerificationPolicy the value to set
+         * @return the dsl builder
+         */
+        default HttpComponentBuilder 
hostnameVerificationPolicy(org.apache.hc.client5.http.ssl.HostnameVerificationPolicy
 hostnameVerificationPolicy) {
+            doSetProperty("hostnameVerificationPolicy", 
hostnameVerificationPolicy);
+            return this;
+        }
+    
         /**
          * To configure security using SSLContextParameters. Important: Only 
one
          * instance of org.apache.camel.support.jsse.SSLContextParameters is
@@ -969,6 +995,7 @@ public interface HttpComponentBuilderFactory {
             case "proxyAuthUsername": ((HttpComponent) 
component).setProxyAuthUsername((java.lang.String) value); return true;
             case "proxyHost": ((HttpComponent) 
component).setProxyHost((java.lang.String) value); return true;
             case "proxyPort": ((HttpComponent) 
component).setProxyPort((java.lang.Integer) value); return true;
+            case "hostnameVerificationPolicy": ((HttpComponent) 
component).setHostnameVerificationPolicy((org.apache.hc.client5.http.ssl.HostnameVerificationPolicy)
 value); return true;
             case "sslContextParameters": ((HttpComponent) 
component).setSslContextParameters((org.apache.camel.support.jsse.SSLContextParameters)
 value); return true;
             case "useGlobalSslContextParameters": ((HttpComponent) 
component).setUseGlobalSslContextParameters((boolean) value); return true;
             case "x509HostnameVerifier": ((HttpComponent) 
component).setX509HostnameVerifier((javax.net.ssl.HostnameVerifier) value); 
return true;
diff --git 
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/HttpsComponentBuilderFactory.java
 
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/HttpsComponentBuilderFactory.java
index b622ab9d6f8e..4fd82afc2b11 100644
--- 
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/HttpsComponentBuilderFactory.java
+++ 
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/HttpsComponentBuilderFactory.java
@@ -785,6 +785,32 @@ public interface HttpsComponentBuilderFactory {
             return this;
         }
     
+        
+        /**
+         * Controls how hostname verification is performed during the TLS
+         * handshake. CLIENT (default) delegates entirely to the configured
+         * x509HostnameVerifier, preserving the behaviour of httpclient 5.5 and
+         * earlier a NoopHostnameVerifier will disable verification. BUILTIN
+         * uses the JDK SSLParameters hostname check only, ignoring the
+         * configured verifier. BOTH runs the JDK built-in check first and then
+         * the configured verifier; a NoopHostnameVerifier cannot bypass the
+         * built-in check under BUILTIN or BOTH. Prefer BOTH when no custom
+         * verifier semantics are needed for stronger out-of-the-box security.
+         * 
+         * The option is a:
+         * 
&lt;code&gt;org.apache.hc.client5.http.ssl.HostnameVerificationPolicy&lt;/code&gt;
 type.
+         * 
+         * Default: CLIENT
+         * Group: security
+         * 
+         * @param hostnameVerificationPolicy the value to set
+         * @return the dsl builder
+         */
+        default HttpsComponentBuilder 
hostnameVerificationPolicy(org.apache.hc.client5.http.ssl.HostnameVerificationPolicy
 hostnameVerificationPolicy) {
+            doSetProperty("hostnameVerificationPolicy", 
hostnameVerificationPolicy);
+            return this;
+        }
+    
         /**
          * To configure security using SSLContextParameters. Important: Only 
one
          * instance of org.apache.camel.support.jsse.SSLContextParameters is
@@ -969,6 +995,7 @@ public interface HttpsComponentBuilderFactory {
             case "proxyAuthUsername": ((HttpComponent) 
component).setProxyAuthUsername((java.lang.String) value); return true;
             case "proxyHost": ((HttpComponent) 
component).setProxyHost((java.lang.String) value); return true;
             case "proxyPort": ((HttpComponent) 
component).setProxyPort((java.lang.Integer) value); return true;
+            case "hostnameVerificationPolicy": ((HttpComponent) 
component).setHostnameVerificationPolicy((org.apache.hc.client5.http.ssl.HostnameVerificationPolicy)
 value); return true;
             case "sslContextParameters": ((HttpComponent) 
component).setSslContextParameters((org.apache.camel.support.jsse.SSLContextParameters)
 value); return true;
             case "useGlobalSslContextParameters": ((HttpComponent) 
component).setUseGlobalSslContextParameters((boolean) value); return true;
             case "x509HostnameVerifier": ((HttpComponent) 
component).setX509HostnameVerifier((javax.net.ssl.HostnameVerifier) value); 
return true;
diff --git 
a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/HttpEndpointBuilderFactory.java
 
b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/HttpEndpointBuilderFactory.java
index 13c79e4f6aef..c0552d0e5bc0 100644
--- 
a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/HttpEndpointBuilderFactory.java
+++ 
b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/HttpEndpointBuilderFactory.java
@@ -734,6 +734,54 @@ public interface HttpEndpointBuilderFactory {
             doSetProperty("authUsername", authUsername);
             return this;
         }
+        /**
+         * Controls how hostname verification is performed during the TLS
+         * handshake. CLIENT (default) delegates entirely to the configured
+         * x509HostnameVerifier, preserving the behaviour of httpclient 5.5 and
+         * earlier a NoopHostnameVerifier will disable verification. BUILTIN
+         * uses the JDK SSLParameters hostname check only, ignoring the
+         * configured verifier. BOTH runs the JDK built-in check first and then
+         * the configured verifier; a NoopHostnameVerifier cannot bypass the
+         * built-in check under BUILTIN or BOTH. Prefer BOTH when no custom
+         * verifier semantics are needed for stronger out-of-the-box security.
+         * 
+         * The option is a:
+         * 
<code>org.apache.hc.client5.http.ssl.HostnameVerificationPolicy</code> type.
+         * 
+         * Default: CLIENT
+         * Group: security
+         * 
+         * @param hostnameVerificationPolicy the value to set
+         * @return the dsl builder
+         */
+        default HttpEndpointBuilder 
hostnameVerificationPolicy(org.apache.hc.client5.http.ssl.HostnameVerificationPolicy
 hostnameVerificationPolicy) {
+            doSetProperty("hostnameVerificationPolicy", 
hostnameVerificationPolicy);
+            return this;
+        }
+        /**
+         * Controls how hostname verification is performed during the TLS
+         * handshake. CLIENT (default) delegates entirely to the configured
+         * x509HostnameVerifier, preserving the behaviour of httpclient 5.5 and
+         * earlier a NoopHostnameVerifier will disable verification. BUILTIN
+         * uses the JDK SSLParameters hostname check only, ignoring the
+         * configured verifier. BOTH runs the JDK built-in check first and then
+         * the configured verifier; a NoopHostnameVerifier cannot bypass the
+         * built-in check under BUILTIN or BOTH. Prefer BOTH when no custom
+         * verifier semantics are needed for stronger out-of-the-box security.
+         * 
+         * The option will be converted to a
+         * 
<code>org.apache.hc.client5.http.ssl.HostnameVerificationPolicy</code> type.
+         * 
+         * Default: CLIENT
+         * Group: security
+         * 
+         * @param hostnameVerificationPolicy the value to set
+         * @return the dsl builder
+         */
+        default HttpEndpointBuilder hostnameVerificationPolicy(String 
hostnameVerificationPolicy) {
+            doSetProperty("hostnameVerificationPolicy", 
hostnameVerificationPolicy);
+            return this;
+        }
         /**
          * Whether to use OAuth2 body authentication.
          *

(camel) branch main updated: CAMEL-23743: Add hostnameVerificationPolicy option to HttpComponent/HttpEndpoint (#23987)

Reply via email to