The use case is talking to a misconfigured intranet endpoint which cannot be changed. curl, HttpsURLConnection, OkHttp, Apache HttpClient can all ignore certificate issues. I found this relevant bug in JBS: https://bugs.openjdk.org/browse/JDK-8213309
-Pavel

On Fri, Mar 28, 2025 at 11:34 AM Michael McMahon <michael.x.mcma...@oracle.com> wrote:
>
> Hi Pavel,
>
> What is the use case for this? My memory is that it was a deliberate decision to not allow it. HttpsURLConnection (and its related hostname verification mechanism) predates the present day ubiquitous use of TLS and https, when misconfigured TLS certificates are much less common, not least due to the SAN enhancement.
>
> - Michael
>
> On 27/03/2025 18:20, Pavel Rappo wrote:
>
> Hello,
>
> I would like java.net.http.HttpClient to send a request to an HTTPS endpoint whose certificate is invalid and cannot be changed. In particular, the certificate's CN is incompatible with the endpoint's domain:
>
> javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching ... found.
>
> From the documentation, it's not obvious how to configure HttpClient to skip the hostname check. The jdk.internal.httpclient.disableHostnameVerification property seems internal and overly broad as it affects _all_ instances of HttpClient. What's the official recommendation or better yet code snippet for configuring a particular instance of HttpClient?
>
> Thanks,
> -Pavel
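
An added example, not part of the thread and not the JDK project's own code or recommendation: one way to scope the exception to a single HttpClient instance is to pin the endpoint's exact certificate instead of turning hostname verification off. It relies on JSSE leaving endpoint identification to a custom X509ExtendedTrustManager; the class name, the `newClient` helper and the pin value (hex SHA-256 of the DER-encoded certificate, obtained out of band) are assumptions, and `HexFormat` needs Java 17 or later.

```java
import java.net.Socket;
import java.net.http.HttpClient;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HexFormat;
import javax.net.ssl.*;

// Hypothetical helper: accepts exactly one pinned leaf certificate, whatever name it carries.
final class PinnedCertTrustManager extends X509ExtendedTrustManager {
    private final byte[] pin; // SHA-256 of the DER-encoded server certificate

    PinnedCertTrustManager(String sha256Hex) {
        this.pin = HexFormat.of().parseHex(sha256Hex);
    }

    private void check(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("empty chain");
        chain[0].checkValidity(); // still reject an expired or not-yet-valid certificate
        try {
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
            // Constant-time comparison of the presented leaf against the pin.
            if (!MessageDigest.isEqual(actual, pin))
                throw new CertificateException("server certificate does not match pin");
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    // The SSLEngine overload is the one java.net.http.HttpClient goes through.
    @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { check(c); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { check(c); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException { check(c); }
    // This trust manager is for outbound client use only.
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { throw new CertificateException("client auth unsupported"); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { throw new CertificateException("client auth unsupported"); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { throw new CertificateException("client auth unsupported"); }
    @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }

    // Builds a client whose TLS trust is limited to the pinned certificate; other clients are unaffected.
    static HttpClient newClient(String sha256Hex) throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new PinnedCertTrustManager(sha256Hex) }, null);
        return HttpClient.newBuilder().sslContext(ctx).build();
    }
}
```

A client built this way should be used only for the one intranet endpoint, and the pin has to be updated whenever that endpoint's certificate is reissued.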