Andrea Cosentino created CAMEL-23785:
----------------------------------------

             Summary: camel-http: mark x509HostnameVerifier with security="insecure:ssl"
                 Key: CAMEL-23785
                 URL: https://issues.apache.org/jira/browse/CAMEL-23785
             Project: Camel
          Issue Type: Improvement
          Components: camel-http
            Reporter: Andrea Cosentino
            Assignee: Andrea Cosentino


h3. Problem
The {{x509HostnameVerifier}} option on camel-http accepts a 
NoopHostnameVerifier, which disables hostname verification. The adjacent 
{{hostnameVerificationPolicy}} was recently hardened, but x509HostnameVerifier 
itself is not annotated with the {{security = "insecure:ssl"}} marker used 
elsewhere for TLS-weakening options, so the security tooling profile cannot 
flag insecure usage.

h3. Evidence
* components/camel-http/src/main/java/org/apache/camel/component/http/HttpEndpoint.java:154 (x509HostnameVerifier @UriParam, label security)

h3. Suggested fix
Add security = "insecure:ssl" to the @UriParam on x509HostnameVerifier; 
regenerate metadata/catalog/endpoint-dsl.

h3. Acceptance criteria
* x509HostnameVerifier @UriParam carries security = "insecure:ssl"
* Generated component JSON, catalog and endpoint-dsl are regenerated and 
committed
* No functional change to the option

_Created by Claude Code on behalf of Andrea Cosentino._


