Hi Pavel,

I would recommend fixing the certificate.

The only way I know of to disable the verification is to use
jdk.internal.httpclient.disableHostnameVerification, and
that was introduced for test environments only.
I wouldn't recommend using it, except for testing.

If you can't fix the certificate, but it does contain some
host names for which it is valid, you could add these
host names to the SSLParameters supplied to the HttpClient builder.
They will be taken into account when performing the
hostname verification.

best regards,

-- daniel


On 27/03/2025 18:20, Pavel Rappo wrote:
Hello,

I would like java.net.http.HttpClient to send a request to an HTTPS
endpoint whose certificate is invalid and cannot be changed. In
particular, the certificate's CN is incompatible with the endpoint's
domain:

     javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching ... found.

From the documentation, it's not obvious how to configure HttpClient
to skip the hostname check. The
jdk.internal.httpclient.disableHostnameVerification property seems
internal and overly broad as it affects _all_ instances of HttpClient.
What's the official recommendation or, better yet, a code snippet for
configuring a particular instance of HttpClient?

Thanks,
-Pavel
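
Added example, not part of the original thread and not code from either poster: a per-instance configuration along the lines of the reply's suggestion, assuming "host names in the SSLParameters" means SSLParameters.setServerNames with an SNIHostName. The class name, the helper clientFor and the host name name-in-cert.example are hypothetical placeholders; whether the configured name is used for the check should be confirmed on the JDK version in use.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.List;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;

public class PerClientServerName {

    // Builds one HttpClient whose TLS parameters carry a host name the
    // certificate is actually valid for. Only this instance is affected:
    // no system property is set, and certificate chain validation and
    // hostname verification both stay enabled.
    static HttpClient clientFor(String certHostName) {
        // SSLParameters accepts at most one server name per name type,
        // so a single SNIHostName is supplied here.
        List<SNIServerName> names = List.of(new SNIHostName(certHostName));
        SSLParameters params = new SSLParameters();
        params.setServerNames(names);
        return HttpClient.newBuilder()
                .sslParameters(params)
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder: replace with a DNS name that appears in
        // the endpoint certificate's subject alternative names.
        String certName = args.length > 0 ? args[0] : "name-in-cert.example";
        HttpClient client = clientFor(certName);
        System.out.println("server names: " + client.sslParameters().getServerNames());

        // The request is sent only when an endpoint URL is given as the second argument.
        if (args.length > 1) {
            HttpRequest request = HttpRequest.newBuilder(URI.create(args[1])).GET().build();
            HttpResponse<String> response =
                    client.send(request, HttpResponse.BodyHandlers.ofString());
            System.out.println("status: " + response.statusCode());
        }
    }
}
```

If the handshake still fails with the same SSLHandshakeException, the configured name is not among the certificate's names and the certificate has to be fixed, as the reply recommends.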
