Daniel, The only hostnames I can see that SSLParameters accept are SNIServerName. As far as I know, SNIs serve a very different purpose. They are used by the client to tell the server which of the server's multiple names the client is targeting. Could you maybe provide a snippet for me to better understand what you meant?
On Thu, Mar 27, 2025 at 6:54 PM Daniel Fuchs <daniel.fu...@oracle.com> wrote: > > Hi Pavel, > > I would recommend fixing the certificate. > > The only way I know of to disable the verification is to use > jdk.internal.httpclient.disableHostnameVerification, and > that was introduced for test environment only. > I wouldn't recommend using it, except for testing. > > If you can't fix the certificate, but it does contain some > host names for which it is valid, you could add these > host names to the SSLParameters supplied to the HttpClient builder. > They will be taken into account when performing the > hostname verification. > > best regards, > > -- daniel > > > On 27/03/2025 18:20, Pavel Rappo wrote: > > Hello, > > > > I would like java.net.http.HttpClient to send a request to an HTTPS > > endpoint whose certificate is invalid and cannot be changed. In > > particular, the certificate's CN is incompatible with the endpoint's > > domain: > > > > javax.net.ssl.SSLHandshakeException: No subject alternative DNS > > name matching ... found. > > > > From the documentation, it's not obvious how to configure HttpClient > > to skip the hostname check. The > > jdk.internal.httpclient.disableHostnameVerification property seems > > internal and overly broad as it affects _all_ instances of HttpClient. > > What's the official recommendation or better yet code snippet for > > configuring a particular instance of HttpClient? > > > > Thanks, > > -Pavel >
