We can define SSL profile per endpoint domain in axis2 when connecting to external endpoints. I would imagine the hostname verification parameter also should be configurable per endpoint domain. If this is not supported or working we should do it.
On Fri, Nov 14, 2014 at 11:44 AM, Sameera Jayasoma <[email protected]> wrote: > Looping ESB team members > > On Fri, Nov 14, 2014 at 10:40 AM, Niranda Perera <[email protected]> wrote: > >> Hi carbon team, >> >> This is based on a WSO2 customer query. >> >> While using APIM with a custom host name, the following error occurred. >> >> 2014-11-11 09:12:09,794 [-] [HTTPS-Sender I/O dispatcher-1] ERROR >> TargetHandler I/O error: Host name verification failed for host : >> ourserver.development.host.com >> javax.net.ssl.SSLException: Host name verification failed for host : >> ourserver.development.host.com >> at >> org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify(ClientSSLSetupHandler.java:152) >> >> at >> org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:285) >> >> at >> org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:380) >> >> at >> org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:118) >> >> at >> org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:160) >> >> at >> org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:342) >> >> at >> org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:320) >> >> at >> org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:280) >> >> at >> org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) >> >> at >> org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:604) >> >> at java.lang.Thread.run(Thread.java:745) >> >> This was RESOLVED by modifying the HostnameVerifier parameter of the >> <transportSender> element to 'AllowAll'. >> >> But I have the following quesitons. >> 1. In a production environment, is it a good practice for making >> HostnameVerifier AllowAll? >> 2. What are the implications of making HostnameVerifier AllowAll? >> 3. Is there any other way to handle this rather than verifying all the >> hostnames by default?? >> >> Look forward to hearing from you. >> >> Cheers >> Rgds >> >> -- >> *Niranda Perera* >> Software Engineer, WSO2 Inc. >> Mobile: +94-71-554-8430 >> Twitter: @n1r44 <https://twitter.com/N1R44> >> > > > > -- > Sameera Jayasoma, > Software Architect, > > WSO2, Inc. (http://wso2.com) > email: [email protected] > blog: http://sameera.adahas.org > twitter: https://twitter.com/sameerajayasoma > flickr: http://www.flickr.com/photos/sameera-jayasoma/collections > Mobile: 0094776364456 > > Lean . Enterprise . Middleware > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Thanks & Regards, *Johann Dilantha Nallathamby* Associate Technical Lead & Product Lead of WSO2 Identity Server Integration Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
