Re: hc-4.3.6: AllowAllVerifier not used

Oleg Kalnichevski Wed, 17 Dec 2014 01:03:41 -0800

On Tue, 2014-12-16 at 18:08 +0000, Pete Keyes wrote:
> Below is a unit test that attempts to use the 
> "SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER" option.  It never 
> works and the wire level debug indicates that HC is always using 
> "BrowserCompatHostnameVerifier" instead.  Can someone explain why or where my 
> code is incorrect?
> 
...


Hi Pete

You need to be careful when using a custom connection manager. When used
it overrides all other custom connection management related settings.
For details see HttpClientBuilder javadocs.

---
X509HostnameVerifier hostnameVerifier = new X509HostnameVerifier() {
    @Override
    public void verify(final String host, final SSLSocket ssl) throws 
IOException {
        System.out.println("I am easy");
    }
    @Override
    public void verify(final String host, final X509Certificate cert) throws 
SSLException {
        System.out.println("I am easy");
    }
    @Override
    public void verify(final String host, final String[] cns, final String[] 
subjectAlts) throws SSLException {
        System.out.println("I am easy");
    }
    @Override
    public boolean verify(final String s, final SSLSession sslSession) {
        System.out.println("I am easy");
        return true;
    }
};

CloseableHttpClient client1 = HttpClients.custom()
        .setHostnameVerifier(hostnameVerifier)
        .build();
CloseableHttpResponse response1 = client1.execute(new 
HttpGet("https://verisign.com/";));
try {
    System.out.println(response1.getStatusLine());
} finally {
    response1.close();
}

SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
        SSLContexts.createSystemDefault(), hostnameVerifier);
Registry<ConnectionSocketFactory> registry = 
RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", sslSocketFactory)
        .build();
BasicHttpClientConnectionManager cm = new 
BasicHttpClientConnectionManager(registry);
CloseableHttpClient client2 = HttpClients.custom()
        .setConnectionManager(cm)
        .build();
CloseableHttpResponse response2 = client2.execute(new 
HttpGet("https://verisign.com/";));
try {
    System.out.println(response2.getStatusLine());
} finally {
    response2.close();
}
---

In both cases custom hostname verifier was called for me. 

Hope this helps

Oleg



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

Re: hc-4.3.6: AllowAllVerifier not used

Reply via email to