Disable hostname verification of client certs in hosted configserver/controller

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-02-20 13:23:19 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-02-20 13:23:19 +0100
commit: 1441bb6fe0edf5bf36ac5a3c0c070a81be9cebe1 (patch)
tree: 26ccddfdd4c5d8fa0f546c238d57217268eeac18 /controller-server
parent: 32865d72bc70ffba08806e0870880a14d4fed36f (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
index d20c86528a5..dcc61b13bab 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
@@ -63,6 +63,7 @@ public class ControllerSslContextFactoryProvider extends AbstractComponent imple
         factory.setTrustStore(truststore);
         factory.setKeyStore(keystore);
         factory.setKeyStorePassword("");
+        factory.setEndpointIdentificationAlgorithm(null); // disable https hostname verification of clients (must be disabled when using Athenz x509 certificates)
         return factory;
     }
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-02-20 13:23:19 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-02-20 13:23:19 +0100
commit	1441bb6fe0edf5bf36ac5a3c0c070a81be9cebe1 (patch)
tree	26ccddfdd4c5d8fa0f546c238d57217268eeac18 /controller-server
parent	32865d72bc70ffba08806e0870880a14d4fed36f (diff)