So, I got my little client prototype working in "happy path", and I managed to
accidentally discover a way to make the server response barf and give me back a
fatal HTML response (which will be rare, but I have to know when it happens),
so I added a catch clause for ResponseProcessingException so I could get the
HTML text.
Now I wanted to try to understand what I accidentally discovered, which made
the service call fail.
In my client initialization code, I have a block like this:
-------------------
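builder.hostnameVerifier((host, session) -> {
    // 'host' is never compared with the certificate: any peer that
    // presented an X.509 certificate is accepted.
    try {
        Certificate[] certs = session.getPeerCertificates();
        return certs != null && certs[0] instanceof X509Certificate;
    }
    catch (SSLException ex) {
        return false;
    }
});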
---------------
When I comment this out, I get HTML that essentially says "An attempt to
authenticate with a client certificate failed." Ok, so I was just a little
curious to see when or how that "host name verifier" is called. So I ran the
test in debug, setting breakpoints in the try and catch block. No breakpoints
were hit. I then added print statements in the lambda, both at the top and in
the catch clause. Nothing comes out. I then added a flag to the parent
instance and set it in the body of the lambda, and then printed out the value
after I got the response, and the flag was not set.
From the evidence I'm seeing, it almost seems like just the presence of ANY
host name verifier allows the verification to succeed, without even executing
it. That can't be right.
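
The lambda in the post accepts any host whose peer sent an X.509 certificate. As an added example (not code from the original post or from any JAX-RS implementation), here is a verifier that compares the requested host with the certificate's dNSName subjectAltName entries and counts its own invocations, so the count can be read after a request to see whether the client stack called it. The class name SanHostnameVerifier is hypothetical; matching is exact only, so wildcard and IP address entries fail closed.

```java
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical class for illustration; pass an instance to builder.hostnameVerifier(...).
public final class SanHostnameVerifier implements HostnameVerifier {
    // GeneralName type tag for dNSName (RFC 5280), as returned by getSubjectAlternativeNames().
    private static final Integer SAN_DNS_NAME = 2;

    // Incremented on every callback so the caller can tell whether verify() ran at all.
    private final AtomicInteger calls = new AtomicInteger();

    @Override
    public boolean verify(String host, SSLSession session) {
        calls.incrementAndGet();
        try {
            Certificate[] chain = session.getPeerCertificates();
            if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                return false;
            }
            // The leaf certificate is first in the chain.
            Collection<List<?>> sans =
                    ((X509Certificate) chain[0]).getSubjectAlternativeNames();
            if (sans == null) {
                return false; // no subjectAltName extension: reject
            }
            for (List<?> san : sans) {
                // Each entry is [Integer type, Object value]; only dNSName is considered.
                if (san.size() >= 2 && SAN_DNS_NAME.equals(san.get(0))
                        && host.equalsIgnoreCase(String.valueOf(san.get(1)))) {
                    return true;
                }
            }
            return false;
        } catch (SSLPeerUnverifiedException | CertificateParsingException ex) {
            return false; // unauthenticated peer or unparsable extension: reject
        }
    }

    public int callCount() {
        return calls.get();
    }
}
```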