To understand the meaning of this term, see the comment in the Apache Commons HttpClient sources (the class name is StrictSSLProtocolSocketFactory: http://www.devdaily.com/java/jwarehouse/commons-httpclient-2.0/src/contrib/org/apache/commons/httpclient/contrib/ssl/StrictSSLProtocolSocketFactory.shtml)

Here it is:


   /**
    * Set the host name verification flag.
    *
    * @param verifyHostname  The host name verification flag. If set to
    * <code>true</code> the SSL sessions server host name will be compared
    * to the host name returned in the server certificates "Common Name"
    * field of the "SubjectDN" entry.  If these names do not match a
    * Exception is thrown to indicate this. Enabling host name verification
    * will help to prevent from man-in-the-middle attacks.  If set to
    * <code>false</code> host name verification is turned off.
    */

So this is not enabled in the ServiceMix HTTP binding by default, and there are no properties to activate it.
In our experiments this feature does not work.

You mean like when you use SSH?  I'm not sure exactly how this mechanism works.
But you can configure a trust store which is used to verify the key of
the server or client.
You can't specifically check for hostname verification, but if the
server has a key associated to itself and if the trust store is
configured, in effect, you end up with host verification I suppose.


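The comparison the quoted Javadoc describes, as an added example (not code from Commons HttpClient, ServiceMix, or either poster): it matches the session host name against the "Common Name" of a certificate's subject DN, and also shows the standard JSSE setting that performs host name checking during the handshake on Java 7 and later. The class name, host name and subject DNs are constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

public class HostnameCheckDemo {

    /** Returns a CN value from a subject DN, or null if the DN has none. */
    static String commonName(String subjectDn) throws InvalidNameException {
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        return null;
    }

    /** The check from the Javadoc: session host name against the certificate's CN. */
    static boolean cnMatchesHost(String subjectDn, String host) throws InvalidNameException {
        String cn = commonName(subjectDn);
        return cn != null && cn.equalsIgnoreCase(host);
    }

    /** On Java 7+, JSSE can do the host name check itself during the handshake. */
    static void enableBuiltInCheck(SSLSocket socket) {
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data. In a live session the DN would come from
        // the peer certificate's getSubjectX500Principal().getName().
        String host = "esb.example.test";
        String[] subjects = {
            "CN=esb.example.test,O=Example,C=US",   // name matches the host
            "CN=other.example.test,O=Example,C=US", // issued to a different name
            "O=Example,C=US"                        // no CN at all
        };
        for (String dn : subjects) {
            String verdict = cnMatchesHost(dn, host) ? "accept" : "reject";
            System.out.println(dn + " -> " + verdict);
        }
    }
}
```

Only the first subject is accepted; the other two are rejected by the name comparison alone, whatever issuer signed them.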