The default HostnameVerifier is only used if the
"useHttpsURLConnectionDefaultHostnameVerifier" attribute of the CXF TLS
ClientParameters Object is set to "true". See here:

http://cxf.apache.org/docs/tls-configuration.html

Alternatively you can just call "setDisableCNCheck(false)" on the
TLSClientParameters Object. See the following tests for some examples:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java;h=6264f447d87b7aad790ecec007ba69de43cab7c5;hb=HEAD
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/transports/src/test/java/org/apache/cxf/systest/https/conduit/HTTPSConduitTest.java;h=2f6844971dfc78854dc76870b267391e2be087ac;hb=HEAD

Colm.

On Fri, Apr 10, 2015 at 10:51 PM, smq <[email protected]> wrote:

> I don't know how to programmatically disable CN checking with CXF 3.0.4
> JAX-RS 2.0 client.  My code is as follows:
>
>             System.setProperty("jsse.enableSNIExtension", "false");
>             HttpsURLConnection.setDefaultHostnameVerifier(
>                 new HostnameVerifier() {
>                     // Accepts every hostname
>                     public boolean verify(String hostname,
>                             SSLSession sslSession) {
>                         return true;
>                     }
>                 });
>             Client client = ClientBuilderImpl.newClient();
>             String urlHost = "https://" + centralNode;
>             WebTarget target = client.target(urlHost).path(BASE_SERVICE_URL);
>             String encodedpw = Base64.encodeBase64String(passwd.getBytes());
>             String body = "{\"uid\" : \"" + uid + "\",\"password\": \"" + encodedpw + "\"}";
>             logger.info("json body=" + body);
>             Response res = target.request(MediaType.APPLICATION_JSON)
>                     .post(Entity.entity(body, MediaType.APPLICATION_JSON));
>
> As you can see, I already tried to override the default hostnameverifier,
> and set jsse.enableSNIExtension to false.  None of these worked, I am still
> getting the exception:
>
> "The https URL hostname does not match the Common Name (CN) on the server
> certificate in the client's truststore. Make sure server certificate is
> correct, or to disable this check (NOT recommended for production) set the
> CXF client TLS configuration property "disableCNCheck" to true."
>
> Please help!
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-3-0-4-client-how-to-disable-CN-checking-tp5755938.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
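
An added example, not part of the thread or of the CXF test suite: attaching a TLSClientParameters object to the conduit behind a JAX-RS 2.0 WebTarget, trusting the server through a truststore and leaving the CN check on. It assumes a CXF 3.x version whose WebClient.getConfig accepts a WebTarget; the truststore file, its password, the host name and the path are placeholders.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.transport.http.HTTPConduit;

public class CxfTlsClientExample {

    /** Build TLS parameters that trust only the certificates in the given JKS truststore. */
    static TLSClientParameters tlsParams(String trustStorePath, char[] password,
                                         boolean disableCNCheck) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        TLSClientParameters params = new TLSClientParameters();
        params.setTrustManagers(tmf.getTrustManagers());
        // false (the default) keeps CXF's hostname check on; true is the "disableCNCheck"
        // setting that the quoted error message calls not recommended for production.
        params.setDisableCNCheck(disableCNCheck);
        return params;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values (assumptions): truststore path, password, host and path.
        TLSClientParameters params =
            tlsParams("client-truststore.jks", "changeit".toCharArray(), false);

        Client client = ClientBuilder.newClient();
        WebTarget target = client.target("https://central-node.example.test").path("/services");

        // CXF-specific: reach the HTTP conduit behind the JAX-RS 2.0 WebTarget.
        HTTPConduit conduit = WebClient.getConfig(target).getHttpConduit();
        conduit.setTlsClientParameters(params);

        System.out.println("status=" + target.request().get().getStatus());
    }
}
```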
