Chris Ribble created CXF-6761:
---------------------------------
Summary: JAX-RS ClientImpl does not set TLSClientParameters on
HTTPConduit when only HostnameVerifier is configured
Key: CXF-6761
URL: https://issues.apache.org/jira/browse/CXF-6761
Project: CXF
Issue Type: Bug
Components: JAX-RS
Affects Versions: 3.1.4
Reporter: Chris Ribble
Priority: Minor
org.apache.cxf.jaxrs.client.spec.ClientImpl only copies the TLSClientParameters
configured by ClientBuilder.newBuilder().hostnameVerifier(HostnameVerifier) if
an SSLSocketFactory or TrustManagers are configured.
This makes it impossible to use a custom HostnameVerifier without also
declaring a custom SSLSocketFactory or TrustManagers.
Snip of incorrect code from
rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java,
line 282
{code}
// TLS
TLSClientParameters tlsParams = secConfig.getTlsClientParams();
if (tlsParams.getSSLSocketFactory() != null
|| tlsParams.getTrustManagers() != null) {
clientCfg.getHttpConduit().setTlsClientParameters(tlsParams);
}
{code}
Proposed replacement:
{code}
// TLS
TLSClientParameters tlsParams = secConfig.getTlsClientParams();
if (tlsParams.getSSLSocketFactory() != null
|| tlsParams.getTrustManagers() != null
|| tlsParams.getHostnameVerifier() != null) {
clientCfg.getHttpConduit().setTlsClientParameters(tlsParams);
}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
