Allow NoopHostNameVerifier to be set for SOCKS Proxy
It's useful, during testing, when using a SOCKS Proxy, to allow the
HostnameVerifier to be set to a NoopHostNameVerifier - similar to how
*non SOCKS proxy* connections allow this to be done.

This change allows a NoopHostNameVerifier to be used if the key
`:insecure` (or `:insecure?`) is set `true` in the config settings
during `make-socks-proxied-conn-manager`.

-=david=-
dharrigan committed May 21, 2024
1 parent b8e4947 commit c98f783
Showing 1 changed file with 7 additions and 6 deletions.
13 changes: 7 additions & 6 deletions src/clj_http/conn_mgr.clj
Expand Up @@ -37,10 +37,11 @@
"Given a function that returns a new socket, create an
SSLConnectionSocketFactory that will use that socket."
([socket-factory]
(SSLGenericSocketFactory socket-factory nil))
([socket-factory ^SSLContext ssl-context]
(let [^SSLContext ssl-context' (or ssl-context (SSLContexts/createDefault))]
(proxy [SSLConnectionSocketFactory] [ssl-context']
(SSLGenericSocketFactory socket-factory nil nil))
([socket-factory ^SSLContext ssl-context ^HostnameVerifier hostname-verifier]
(let [^SSLContext ssl-context' (or ssl-context (SSLContexts/createDefault))
^HostnameVerifier hostname-verifier' (or hostname-verifier (DefaultHostnameVerifier.))]
(proxy [SSLConnectionSocketFactory] [ssl-context' hostname-verifier']
(connectSocket [timeout socket host remoteAddress localAddress context]
(let [^SSLConnectionSocketFactory this this] ;; avoid reflection
(proxy-super connectSocket timeout (socket-factory) host remoteAddress
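Review bot: The two-argument arity `[socket-factory ^SSLContext ssl-context]` is removed rather than kept next to the new three-argument one, so any caller that still passes `(SSLGenericSocketFactory socket-factory ssl-context)` will fail with an arity error. Keeping a two-argument arity that delegates with `nil` for the verifier, the way the one-argument arity does, would preserve compatibility and still fall back to `DefaultHostnameVerifier`. The docstring should also mention the new `hostname-verifier` argument and what it defaults to.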
Expand Down Expand Up @@ -114,7 +115,7 @@
[]
(-> (SSLContexts/custom)
(.loadTrustMaterial nil (reify TrustStrategy
(isTrusted [_ chain auth-type] true)))
(isTrusted [_ chain auth-type] true)))
(.build)))

(defn ^SSLContext get-ssl-context
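Review bot: The removed and added `(isTrusted [_ chain auth-type] true)))` lines read identically here, which suggests a whitespace-only change inside the trust-all `TrustStrategy`. Dropping it from this commit would keep the diff limited to the hostname-verifier change and keep blame on this security-sensitive line pointing at the commit that introduced it.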
Expand Down Expand Up @@ -150,7 +151,7 @@
(let [socket-factory #(socks-proxied-socket hostname port)
registry (into-registry
{"http" (PlainGenericSocketFactory socket-factory)
"https" (SSLGenericSocketFactory socket-factory (get-ssl-context config))})]
"https" (SSLGenericSocketFactory socket-factory (get-ssl-context config) (get-hostname-verifier config))})]
(PoolingHttpClientConnectionManager. registry))))

(defn ^BasicHttpClientConnectionManager make-regular-conn-manager
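Review bot: In the `"https"` registry entry the verifier now comes from `(get-hostname-verifier config)`, and the commit touches only `src/clj_http/conn_mgr.clj`, so nothing tests that a config without `:insecure` or `:insecure?` still gets a verifying `HostnameVerifier` on the SOCKS path. A test covering both cases (key absent, key `true`) would guard against the no-op verifier becoming the default by accident. The docstring of `make-socks-proxied-conn-manager` should state that the key turns off hostname verification for SOCKS connections, and the line is long enough to be worth breaking after `(get-ssl-context config)`.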