author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-02-17 13:40:26 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-02-17 16:36:35 +0100 |
commit | 03079a1c20a0e0b41bc12dd034091f1e408e1c7c (patch) | |
tree | c9ed71323e03630d339625d633ca51996807bfa9 /security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java | |
parent | 06df2d189b63b561472ac677389298038486ba70 (diff) |
Override hostname verification in PeerAuthorizerTrustManager
Override hostname verification on client-side.
Remove overriding of hostname verification for server-side.
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
index 6a78e49fe1d..28854c59b2c 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
@@ -12,7 +12,6 @@ import com.yahoo.security.tls.policy.AuthorizedPeers;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
-import javax.net.ssl.X509ExtendedTrustManager;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.lang.ref.WeakReference;
@@ -110,9 +109,10 @@ public class ConfigFileBasedTlsContext implements TlsContext {
 MutableX509KeyManager mutableKeyManager,
 PeerAuthentication peerAuthentication) {
+ HostnameVerification hostnameVerification = options.isHostnameValidationDisabled() ? HostnameVerification.DISABLED : HostnameVerification.ENABLED;
 PeerAuthorizerTrustManager authorizerTrustManager = options.getAuthorizedPeers()
- .map(authorizedPeers -> new PeerAuthorizerTrustManager(authorizedPeers, mode, mutableTrustManager))
- .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, mutableTrustManager)));
+ .map(authorizedPeers -> new PeerAuthorizerTrustManager(authorizedPeers, mode, hostnameVerification, mutableTrustManager))
+ .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, hostnameVerification, mutableTrustManager));
 SSLContext sslContext = new SslContextBuilder()
 .withKeyManager(mutableKeyManager)
 .withTrustManager(authorizerTrustManager) |
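Review bot: In the `orElseGet` branch of the second hunk, `AuthorizationMode.DISABLE` can now be paired with `HostnameVerification.DISABLED`, and nothing in the hunk rejects or reports that combination. With both off, the trust manager is presumably left checking only that the peer certificate chains to a trusted CA, so the identity of the peer is not bound to anything. A warning at context creation would make that state visible to operators, for example `if (hostnameVerification == HostnameVerification.DISABLED && !options.getAuthorizedPeers().isPresent()) log.warning("TLS hostname verification and peer authorization are both disabled");` (this assumes the class has a logger, which is not visible here). A one-line comment above the ternary, such as `// Passed to PeerAuthorizerTrustManager, which applies the hostname-verification override on the client side only`, would also record where the check now lives. The enclosing method starts and ends outside the hunk, so whether `mode` or `peerAuthentication` already constrains this case cannot be confirmed from here.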