author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-10-27 17:59:03 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-10-27 17:59:03 +0200 |
commit | dc3e88a049341082dcd774af0204e8d70add3c22 (patch) | |
tree | 02de4855188f3077645398d776fd527962dfe4a5 /container-core/src/main | |
parent | 8c2ca263212509f67bfb6769f1eaf1daa62f240d (diff) |
Revert "Don't require that SNI hostname must match server certificate"
This reverts commit 439b1242e595f0cd60ed8f6e1fab48c6bb40fdfa.
Diffstat (limited to 'container-core/src/main')
-rw-r--r-- | container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index 4e984d57808..caeaf0bcf0a 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -143,8 +143,7 @@ public class ConnectorFactory {
 // TODO Vespa 9 Use default URI compliance (LEGACY == old Jetty 9.4 compliance)
 httpConfig.setUriCompliance(UriCompliance.LEGACY);
 if (isSslEffectivelyEnabled(connectorConfig)) {
- // Explicitly disable SNI checking as Jetty's SNI checking trust manager is not part of our SSLContext trust manager chain
- httpConfig.addCustomizer(new SecureRequestCustomizer(false, false, -1, false));
+ httpConfig.addCustomizer(new SecureRequestCustomizer());
 }
 String serverNameFallback = connectorConfig.serverName().fallback();
 if (!serverNameFallback.isBlank()) httpConfig.setServerAuthority(new HostPort(serverNameFallback)); |
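Review bot: The restored `new SecureRequestCustomizer()` call leaves the SNI host check to Jetty's constructor defaults, and the comment that explained the previous choice is removed with nothing in its place. Because this setting decides whether a TLS request whose authority does not match the served certificate is rejected, I would spell the arguments out, e.g. `new SecureRequestCustomizer(false, true, -1, false)` (assuming the second argument is the host-check flag, as the removed call suggests), with a comment such as `// Reject requests whose host does not match the SNI-selected server certificate`. The removed comment stated that Jetty's SNI checking trust manager is not part of the SSLContext trust manager chain, and nothing visible here shows that this has changed. A connector test with one matching and one mismatching host name would confirm the check both rejects mismatches and still accepts legitimate requests. The enclosing method starts and ends outside the hunk.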