Hi Pavel,
What is the use case for this? My memory is that it was a deliberate
decision to not
allow it. HttpsURLConnection (and its related hostname verification
mechanism) predates
the present day ubiquitous use of TLS and https, when misconfigured TLS
certificates are
much less common, not least due to the SAN enhancement.
- Michael
On 27/03/2025 18:20, Pavel Rappo wrote:
Hello,
I would like java.net.http.HttpClient to send a request to an HTTPS
endpoint whose certificate is invalid and cannot be changed. In
particular, the certificate's CN is incompatible with the endpoint's
domain:
javax.net.ssl.SSLHandshakeException: No subject alternative DNS
name matching ... found.
From the documentation, it's not obvious how to configure HttpClient
to skip the hostname check. The
jdk.internal.httpclient.disableHostnameVerification property seems
internal and overly broad as it affects _all_ instances of HttpClient.
What's the official recommendation or better yet code snippet for
configuring a particular instance of HttpClient?
Thanks,
-Pavel
