Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hostname verifier for the Jetty connector #5278

Merged
merged 1 commit into from
Mar 23, 2023
Merged

Hostname verifier for the Jetty connector #5278

merged 1 commit into from
Mar 23, 2023

Conversation

senivam
Copy link
Contributor

@senivam senivam commented Mar 8, 2023

No description provided.

@senivam senivam self-assigned this Mar 8, 2023
@senivam senivam linked an issue Mar 9, 2023 that may be closed by this pull request
JettyConnectorProvider does not support JerseyClientBuilder.hostnameVerifier()? #5276
Closed
jbescos
jbescos approved these changes Mar 22, 2023
View reviewed changes
...va/org/glassfish/jersey/tests/e2e/client/connector/ssl/SslConnectorHostnameVerifierTest.java
private static final ClientConfig getClientConfig(boolean enableSslHostnameVerification) {
final ClientConfig config = new ClientConfig();
return enableSslHostnameVerification ? config
.property(JettyClientProperties.ENABLE_SSL_HOSTNAME_VERIFICATION, Boolean.FALSE)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am confused with this.

If enableSslHostnameVerification == true, then the config contains the property JettyClientProperties.ENABLE_SSL_HOSTNAME_VERIFICATION = Boolean.FALSE

It looks to me it should be in vice-versa, is this intentional?.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or the other way around. Does the user need to set property(JettyClientProperties.ENABLE_SSL_HOSTNAME_VERIFICATION, Boolean.FALSE) when the custom hostnameverifier is registered? Maybe it can be set to false automatically, can it not?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the given test is built in a way for default hostname verification to be failed.

    private static final String CLIENT_TRUST_STORE = "truststore-example_com-client";
    private static final String SERVER_KEY_STORE = "keystore-example_com-server";

given trust and key stores are for the example.com hostname instead of the localhost. This is done because most of the connectors work in a way that when default hostname verification is failed, the validation is passed to custom hostname verification if any. However Jetty connector works in the opposite way - when default hostname verification is failed, the flow is finished with an exception without passing validation to a custom hostname verifier. That is why default hostname validation should be disabled and only then custom hostname verifier can be tested.

Regarding the other way around - probably not, because hostnames are not necessarily different - those could be localhost/localhost and all would be fine, the custom hostname verifier would be involved in this case. This particular test actually demonstrates only a corner case for generally invalid hostname vs certificate. But in most cases, default hostname validation would pass.

@jansupol jansupol added this to the 2.39.1 milestone Mar 23, 2023
@senivam senivam merged commit 0914c71 into eclipse-ee4j:master Mar 23, 2023
@senivam senivam deleted the 2x_hostnameVerifier branch March 23, 2023 09:26
This was referenced Mar 23, 2023
Merged
Merged
Merged
Merged
Merged
Merged
Open
Open
Merged
Closed
Merged
Merged
Closed
Closed
Merged
Open
Merged
Closed
Merged
Closed
Merged
Open
This was referenced Mar 24, 2023
Open
Closed
Closed
Merged
Open
@renovate renovate bot mentioned this pull request Apr 3, 2023
Merged
1 task
This was referenced May 11, 2023
Open
Open
@renovate renovate bot mentioned this pull request May 21, 2023
Merged
1 task
This was referenced Jun 1, 2023
Merged
Closed
This was referenced Jun 4, 2023
Merged
Closed
This was referenced Jun 15, 2023
Merged
Merged
This was referenced Jun 26, 2023
Closed
Open
This was referenced Jul 6, 2023
Open
Open
This was referenced Aug 28, 2023
Merged
Merged
@renovate renovate bot mentioned this pull request Oct 29, 2023
Closed
1 task
This was referenced Nov 30, 2023
Closed
Closed
@renovate renovate bot mentioned this pull request Mar 1, 2024
Merged
1 task
@renovate renovate bot mentioned this pull request Mar 18, 2024
Merged
1 task
@mend-for-github-com mend-for-github-com bot mentioned this pull request Mar 24, 2024
Open
1 task
This was referenced Apr 13, 2024
Merged
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jansupol jansupol jansupol approved these changes

@jbescos jbescos jbescos approved these changes

Assignees

@senivam senivam

Labels
None yet
Projects
None yet
Milestone
2.39.1
Development

Successfully merging this pull request may close these issues.

JettyConnectorProvider does not support JerseyClientBuilder.hostnameVerifier()?
3 participants
@senivam @jbescos @jansupol