author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-02-20 13:23:19 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-02-20 13:23:19 +0100 |
commit | 1441bb6fe0edf5bf36ac5a3c0c070a81be9cebe1 (patch) | |
tree | 26ccddfdd4c5d8fa0f546c238d57217268eeac18 | |
parent | 32865d72bc70ffba08806e0870880a14d4fed36f (diff) |
Disable hostname verification of client certs in hosted configserver/controller
2 files changed, 2 insertions, 0 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java
index 1a7224fdc71..61ac8f7a7e2 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java
@@ -124,6 +124,7 @@ public class ConfigserverSslContextFactoryProvider extends AbstractComponent imp
 .orElseGet(() -> updateKeystore(configserverIdentity, generateKeystorePassword(), keyProvider, ztsClient, zoneConfig));
 factory.setKeyStore(keyStore);
 factory.setKeyStorePassword("");
+ factory.setEndpointIdentificationAlgorithm(null); // disable https hostname verification of clients (must be disabled when using Athenz x509 certificates)
 return factory;
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
index d20c86528a5..dcc61b13bab 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
@@ -63,6 +63,7 @@ public class ControllerSslContextFactoryProvider extends AbstractComponent imple
 factory.setTrustStore(truststore);
 factory.setKeyStore(keystore);
 factory.setKeyStorePassword("");
+ factory.setEndpointIdentificationAlgorithm(null); // disable https hostname verification of clients (must be disabled when using Athenz x509 certificates)
 return factory;
 } |
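Review bot: Passing `null` to `setEndpointIdentificationAlgorithm` switches off endpoint identification for every connection built from this factory, so the added line is only safe while the factory backs the server connector and is never handed to an outbound client; the trailing comment should state that constraint. Something like `// Server connector only: client certs are validated against the trust store, not by hostname; do not reuse this factory for outbound TLS.` would make it explicit. With hostname checks off, client identity rests on chain validation plus whatever authorization is applied to the certificate's identity afterwards, and the first hunk shows neither a trust store nor a client-auth setting, so that is worth confirming in the rest of the method. The same applies to the identical line in the ControllerSslContextFactoryProvider hunk; both enclosing methods start outside their hunks.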