Revert "Don't require that SNI hostname must match server certificate"

This reverts commit 439b1242e595f0cd60ed8f6e1fab48c6bb40fdfa.
author: Bjørn Christian Seime <bjorncs@yahooinc.com> 2022-10-27 17:59:03 +0200
committer: Bjørn Christian Seime <bjorncs@yahooinc.com> 2022-10-27 17:59:03 +0200
commit: dc3e88a049341082dcd774af0204e8d70add3c22 (patch)
tree: 02de4855188f3077645398d776fd527962dfe4a5
parent: 8c2ca263212509f67bfb6769f1eaf1daa62f240d (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index 4e984d57808..caeaf0bcf0a 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -143,8 +143,7 @@ public class ConnectorFactory {
         // TODO Vespa 9 Use default URI compliance (LEGACY == old Jetty 9.4 compliance)
         httpConfig.setUriCompliance(UriCompliance.LEGACY);
         if (isSslEffectivelyEnabled(connectorConfig)) {
-            // Explicitly disable SNI checking as Jetty's SNI checking trust manager is not part of our SSLContext trust manager chain
-            httpConfig.addCustomizer(new SecureRequestCustomizer(false, false, -1, false));
+            httpConfig.addCustomizer(new SecureRequestCustomizer());
         }
         String serverNameFallback = connectorConfig.serverName().fallback();
         if (!serverNameFallback.isBlank()) httpConfig.setServerAuthority(new HostPort(serverNameFallback));
author	Bjørn Christian Seime <bjorncs@yahooinc.com>	2022-10-27 17:59:03 +0200
committer	Bjørn Christian Seime <bjorncs@yahooinc.com>	2022-10-27 17:59:03 +0200
commit	dc3e88a049341082dcd774af0204e8d70add3c22 (patch)
tree	02de4855188f3077645398d776fd527962dfe4a5
parent	8c2ca263212509f67bfb6769f1eaf1daa62f240d (diff)