Correction: "setDisableCNCheck(true)" Colm.
On Mon, Apr 13, 2015 at 5:02 PM, Colm O hEigeartaigh <[email protected]> wrote: > The default HostnameVerifier is only used if the > "useHttpsURLConnectionDefaultHostnameVerifier" attribute of the CXF TLS > ClientParameters Object is set to "true". See here: > > http://cxf.apache.org/docs/tls-configuration.html > > Alternatively you can just call "setDisableCNCheck(false)" on the > TLSClientParameters Object. See the following tests for some examples: > > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java;h=6264f447d87b7aad790ecec007ba69de43cab7c5;hb=HEAD > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/transports/src/test/java/org/apache/cxf/systest/https/conduit/HTTPSConduitTest.java;h=2f6844971dfc78854dc76870b267391e2be087ac;hb=HEAD > > Colm. > > On Fri, Apr 10, 2015 at 10:51 PM, smq <[email protected]> wrote: > >> I don't know how to programmatically disable CN checking with CXF 3.0.4 >> JAX-RS 2.0 client. My code is as follows: >> >> System.setProperty("jsse.enableSNIExtension", "false"); >> HttpsURLConnection.setDefaultHostnameVerifier( >> new HostnameVerifier(){ >> >> public boolean verify(String hostname, >> SSLSession sslSession) { >> >> return true; >> >> } >> }); >> Client client = ClientBuilderImpl.newClient(); >> String urlHost = "https://"; + centralNode; >> WebTarget target = >> client.target(urlHost).path(BASE_SERVICE_URL); >> String encodedpw = >> Base64.encodeBase64String(passwd.getBytes()); >> String body = "{\"uid\" : \"" + uid + "\",\"password\": >> \"" + encodedpw + >> "\"}"; >> logger.info("json body=" +body); >> Response res = >> target.request(MediaType.APPLICATION_JSON).post(Entity.entity(body, >> MediaType.APPLICATION_JSON)); >> >> As you can see, I already tried to override the default hostnameverifier, >> and set jsse.enableSNIExtension to false. None of these worked, i am >> still >> getting the exception: >> >> "The https URL hostname does not match the Common Name (CN) on the server >> certificate in the client's truststore. Make sure server certificate is >> correct, or to disable this check (NOT recommended for production) set the >> CXF client TLS configuration property "disableCNCheck" to true." >> >> Please help! >> >> >> >> -- >> View this message in context: >> http://cxf.547215.n5.nabble.com/CXF-3-0-4-client-how-to-disable-CN-checking-tp5755938.html >> Sent from the cxf-user mailing list archive at Nabble.com. >> > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
