[
https://issues.apache.org/jira/browse/HTTPCLIENT-1062?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13012956#comment-13012956
]
Bartosz Firyn commented on HTTPCLIENT-1062:
-------------------------------------------
Hi Richard,
One of the SSLSocketFactory constructors takes the hostname verifier as an
argument, so I've simply changed this:
// Before: the verifier is set through setHostnameVerifier(..), deprecated in HttpClient 4.1.
SSLSocketFactory factory = new SSLSocketFactory(sslcontext);
factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
to this one:
// After: the verifier goes in through the constructor. ALLOW_ALL_HOSTNAME_VERIFIER still
// turns host name verification off, so the certificate is not matched against the host.
SSLSocketFactory factory = new SSLSocketFactory(sslcontext,
SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
You can find this change here:
https://github.com/sarxos/smesx/commit/92bf36306936e44fcc775c0e9822d9c38c7b43c0
In general, this class has plenty of other, more useful constructors. I'm
using this one, but your code may require additional arguments.
Best Regards
Bartosz
> SSLSocketFactory.setHostnameVerifier(..) deprecated but no replacement defined
> ------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1062
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1062
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.1 Final
> Reporter: Bartosz Firyn
> Priority: Trivial
> Labels: javadoc
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> I'm creating an SSLSocketFactory and setting its hostname verifier to
> SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER so that any TLS/SSL host is accepted.
> In HttpClient v4.1 this method is deprecated, but no replacement is
> specified. The hostname verifier logic is still used in the code, so either the
> @Deprecated annotation should be removed, or an appropriate comment should be
> added to tell future developers which method they should use instead, or
> at least why they shouldn't use
> SSLSocketFactory.setHostnameVerifier(X509HostnameVerifier).
> <pre>
> import java.security.KeyManagementException;
> import java.security.NoSuchAlgorithmException;
> import javax.net.ssl.SSLContext;
> import javax.net.ssl.TrustManager;
> import javax.net.ssl.X509TrustManager;
> import org.apache.http.conn.ssl.SSLSocketFactory;
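/**
 * Builds an {@link SSLSocketFactory} that accepts any TLS/SSL host.
 *
 * <p>The factory pairs {@code NaiveX509TrustManager} with
 * {@code SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER}, so neither the server's
 * certificate chain nor the host name in the certificate is checked. A
 * connection made through it is encrypted but not authenticated: nothing ties
 * the peer to the host that was requested. Where a server presents a
 * self-signed or private-CA certificate, an {@code SSLContext} initialised from
 * a trust store that holds that certificate keeps both checks in place.
 *
 * @author Bartosz Firyn (SarXos)
 */
public class NaiveSSLFactory {

    /**
     * Creates the naive SSL socket factory.
     *
     * @return socket factory that authorizes any TLS/SSL host
     * @throws IllegalStateException if the TLS context cannot be created or
     *         initialised
     */
    public static SSLSocketFactory createNaiveSSLSocketFactory() {
        X509TrustManager manager = new NaiveX509TrustManager();
        SSLContext sslcontext;
        try {
            // "TLS" is the current standard context name; "SSL" is the legacy one.
            sslcontext = SSLContext.getInstance("TLS");
            // null key managers and null SecureRandom select the provider defaults.
            sslcontext.init(null, new TrustManager[] { manager }, null);
        } catch (NoSuchAlgorithmException e) {
            // Fail here instead of handing a null context to SSLSocketFactory.
            throw new IllegalStateException("Cannot create TLS context", e);
        } catch (KeyManagementException e) {
            throw new IllegalStateException("Cannot initialise TLS context", e);
        }

        SSLSocketFactory factory = new SSLSocketFactory(sslcontext);
        // setHostnameVerifier(..) is the call HttpClient 4.1 marks @Deprecated; the
        // two-argument constructor SSLSocketFactory(sslcontext, verifier) takes the
        // same verifier without going through the setter.
        factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        return factory;
    }
}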
> </pre>
> ---------------
> <pre>
> import java.security.cert.CertificateException;
> import java.security.cert.X509Certificate;
> import javax.net.ssl.X509TrustManager;
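/**
 * Trust manager that performs no validation: every TLS/SSL peer certificate
 * chain is accepted.
 *
 * <p>Both {@code check*Trusted} methods return without inspecting the chain, so
 * an expired, self-signed or mismatched certificate passes exactly like a valid
 * one, and a connection set up with this manager is not authenticated.
 *
 * @author Bartosz Firyn (SarXos)
 */
public class NaiveX509TrustManager implements X509TrustManager {

    /** Shared empty result; a zero-length array has no elements to modify. */
    private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

    /**
     * Accepts any client certificate chain.
     *
     * @param certs peer certificate chain (ignored)
     * @param str authentication type (ignored)
     * @throws CertificateException declared by the interface; never thrown here
     */
    @Override
    public void checkClientTrusted(X509Certificate[] certs, String str)
            throws CertificateException {
        // Deliberately empty: returning normally marks the chain as trusted.
    }

    /**
     * Accepts any server certificate chain.
     *
     * @param certs peer certificate chain (ignored)
     * @param str authentication type (ignored)
     * @throws CertificateException declared by the interface; never thrown here
     */
    @Override
    public void checkServerTrusted(X509Certificate[] certs, String str)
            throws CertificateException {
        // Deliberately empty: returning normally marks the chain as trusted.
    }

    /**
     * Reports no trusted issuers.
     *
     * @return an empty array, never {@code null}: the {@link X509TrustManager}
     *         contract asks for a non-null (possibly empty) array
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return NO_ISSUERS;
    }
}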
> </pre>
> ---------------------
> <pre>
> import org.apache.http.conn.ClientConnectionManager;
> import org.apache.http.conn.scheme.Scheme;
> import org.apache.http.conn.scheme.SchemeRegistry;
> import org.apache.http.conn.ssl.SSLSocketFactory;
> import org.apache.http.impl.client.DefaultHttpClient;
/**
 * HTTP client whose "https" scheme is served by the socket factory from
 * {@code NaiveSSLFactory}.
 *
 * <p>HTTPS requests sent through this client therefore go out without
 * certificate or host name validation of the server.
 *
 * @author Bartosz Firyn (SarXos)
 */
public class NaiveSSLClient extends DefaultHttpClient {

    /** Lazily created shared client; {@code null} until first requested. */
    private static NaiveSSLClient instance = null;

    /**
     * Returns the shared client, building it on the first call. The null check
     * and the assignment are not synchronized.
     *
     * @return singleton instance
     */
    public static NaiveSSLClient getInstance() {
        if (instance != null) {
            return instance;
        }
        instance = create();
        return instance;
    }

    /**
     * Builds a client and registers the naive socket factory for "https" on
     * port 443 in its scheme registry.
     *
     * @return new instance of the HTTP client
     */
    protected static NaiveSSLClient create() {
        NaiveSSLClient httpClient = new NaiveSSLClient();
        SSLSocketFactory naiveFactory = NaiveSSLFactory.createNaiveSSLSocketFactory();
        SchemeRegistry schemes = httpClient.getConnectionManager().getSchemeRegistry();
        schemes.register(new Scheme("https", 443, naiveFactory));
        return httpClient;
    }

    /** Private: instances are obtained through {@link #getInstance()} or {@link #create()}. */
    private NaiveSSLClient() {
    }
}
> </pre>