Open seaswalker opened 4 months ago
Hello, I think I have a related case, so I'm commenting on this issue. My case is that I'm migrating from the old 1.8.16 to 2.12.3, and in our old code we skipped hostname verification because it doesn't matter in our case and instead creates problems, so we have (snippet from the old implementation):

```java
this.asyncHttpClient = new AsyncHttpClient(
    new AsyncHttpClientConfig.Builder()
        .setSSLContext(sslContext)
        .setHostnameVerifier(new HostnameVerifier() {
            // Accepts every host name: hostname verification is skipped on purpose
            @Override
            public boolean verify(String hostname, SSLSession session) {
                log.debug("override hostname verification");
                return true;
            }
        })
        .build()
);
```

How can I disable hostname verification in the new version?
Thank you
```java
/**
 * Skip {@link javax.net.ssl.HostnameVerifier}.
 *
 * @see <a href="https://netty.io/4.1/api/io/netty/handler/ssl/SslContext.html">newHandler</a>
 * @see <a href="https://github.com/AsyncHttpClient/async-http-client/issues/1611">How to disable hostname verification in AsyncHttpClient</a>
 */
private static class SkipHostnameVerificationSslEngineFactory extends DefaultSslEngineFactory {
    @Override
    protected void configureSslEngine(SSLEngine sslEngine, AsyncHttpClientConfig config) {
        // Only client mode is set; nothing else is configured on the engine here
        sslEngine.setUseClientMode(true);
    }
}
```

and then:

```java
DefaultAsyncHttpClientConfig.Builder cfgBuilder = new DefaultAsyncHttpClientConfig.Builder();
cfgBuilder.setSslEngineFactory(new SkipHostnameVerificationSslEngineFactory());
```

You can refer to org.asynchttpclient.netty.ssl.SslEngineFactoryBase#configureSslEngine
and Netty's doc: https://netty.io/4.1/api/io/netty/handler/ssl/SslContext.html
to find out why the above code will work.
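Why the override above has that effect, as an added example that is not part of the original thread or the project's code: on a JDK `SSLEngine`, host name checking is driven by the endpoint identification algorithm in its `SSLParameters`, and an engine that has only had `setUseClientMode(true)` applied leaves it unset. The class and method names and the `example.test` host are hypothetical; that AsyncHttpClient's base `configureSslEngine` sets this parameter is an assumption based on the method the answer refers to.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class EndpointIdentificationCheck {

    /** True when the engine will match the peer certificate against the host name. */
    static boolean verifiesHostname(SSLEngine engine) {
        String alg = engine.getSSLParameters().getEndpointIdentificationAlgorithm();
        return alg != null && !alg.isEmpty();
    }

    /** Turns on HTTPS-style host name checking for this engine. */
    static void enableHttpsHostnameCheck(SSLEngine engine) {
        // getSSLParameters() returns a copy, so it has to be written back
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // Constructed sample peer; no connection is opened
        SSLEngine engine = ctx.createSSLEngine("example.test", 443);

        // State left behind by an override that only sets client mode
        engine.setUseClientMode(true);
        System.out.println("client mode only, host name checked: "
                + verifiesHostname(engine));

        // State after the endpoint identification algorithm is set
        enableHttpsHostnameCheck(engine);
        System.out.println("HTTPS identification set, host name checked: "
                + verifiesHostname(engine));
    }
}
```

A helper like `verifiesHostname` can be called from a unit test on the engines a custom `SslEngineFactory` produces, so a factory that silently drops host name checking is caught before it ships.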
Thank you!
In real-life scenarios, we need to configure one of the options individually, rather than having to turn them on or off simultaneously, thanks.