Explicitly disable hostname verification in the default JDisc SSL setup

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-02-20 13:28:58 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-02-20 13:28:58 +0100
commit: 489fbaba9d48999e0336a91255d5868addc46c2c (patch)
tree: 501a4a8f722ca0fa13f1f9d463cc21ab4ab01550 /jdisc_http_service
parent: 1441bb6fe0edf5bf36ac5a3c0c070a81be9cebe1 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java
index c381ba738a3..f9cdefeb5e8 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java
@@ -16,7 +16,6 @@ import java.nio.file.Paths;
 import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
-import java.util.Arrays;
 import java.util.List;
 
 /**
@@ -55,6 +54,7 @@ public class DefaultSslContextFactoryProvider implements SslContextFactoryProvid
             factory.setTrustStore(createTruststore(sslConfig));
         }
         factory.setProtocol("TLS");
+        factory.setEndpointIdentificationAlgorithm(null); // disable hostname verification of client certs
         return factory;
     }
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-02-20 13:28:58 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-02-20 13:28:58 +0100
commit	489fbaba9d48999e0336a91255d5868addc46c2c (patch)
tree	501a4a8f722ca0fa13f1f9d463cc21ab4ab01550 /jdisc_http_service
parent	1441bb6fe0edf5bf36ac5a3c0c070a81be9cebe1 (diff)