Skip to content

Commit

Permalink
Use empty string instead of null for endpoint identification algorith…
Browse files Browse the repository at this point in the history
…m to disable server hostname verification, since null value gets ignored in Sun's SSLEngine implementation.
  • Loading branch information
kannanjgithub authored and ejona86 committed Mar 28, 2024
1 parent 0064991 commit 097a46b
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -229,7 +229,7 @@ public void checkServerTrusted(X509Certificate[] chain, String authType, Socket
SSLSocket sslSocket = (SSLSocket) socket;
SSLParameters sslParams = sslSocket.getSSLParameters();
if (sslParams != null) {
sslParams.setEndpointIdentificationAlgorithm(null);
sslParams.setEndpointIdentificationAlgorithm("");
sslSocket.setSSLParameters(sslParams);
}
}
Expand All @@ -242,7 +242,7 @@ public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngi
throws CertificateException {
SSLParameters sslParams = sslEngine.getSSLParameters();
if (sslParams != null) {
sslParams.setEndpointIdentificationAlgorithm(null);
sslParams.setEndpointIdentificationAlgorithm("");
sslEngine.setSSLParameters(sslParams);
}
delegate.checkServerTrusted(chain, authType, sslEngine);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -534,6 +534,7 @@ public void checkServerTrustedSslEngine()
CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslEngine);
verify(sslEngine, times(1)).getHandshakeSession();
assertThat(sslEngine.getSSLParameters().getEndpointIdentificationAlgorithm()).isEmpty();
}

@Test
Expand Down Expand Up @@ -561,6 +562,7 @@ public void checkServerTrustedSslSocket()
trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslSocket);
verify(sslSocket, times(1)).isConnected();
verify(sslSocket, times(1)).getHandshakeSession();
assertThat(sslSocket.getSSLParameters().getEndpointIdentificationAlgorithm()).isEmpty();
}

@Test
Expand Down

0 comments on commit 097a46b

Please sign in to comment.