I recommend HostnameVerifier.DEFAULT. From the javadoc: ---------------- The DEFAULT HostnameVerifier works the same way as Curl and Firefox.
The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. The only difference between DEFAULT and STRICT is that a wildcard (such as "*.foo.com") with DEFAULT matches all subdomains, including "a.b.foo.com". ---------------- > > Cool. For CXF, which do you suggest is the "best" option to default in? > Long term, we need to add config to make it configurable, but for the > default, which do you suggest? > > Dan > > -- yours, Julius Davies 250-592-2284 (Home) 250-893-4579 (Mobile) http://juliusdavies.ca/
