Override hostname verification in PeerAuthorizerTrustManager

Override hostname verification on client-side. Remove overriding of hostname verification for server-side.
author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-02-17 13:40:26 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-02-17 16:36:35 +0100
commit: 03079a1c20a0e0b41bc12dd034091f1e408e1c7c (patch)
tree: c9ed71323e03630d339625d633ca51996807bfa9 /security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
parent: 06df2d189b63b561472ac677389298038486ba70 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
index 6a78e49fe1d..28854c59b2c 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
@@ -12,7 +12,6 @@ import com.yahoo.security.tls.policy.AuthorizedPeers;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
-import javax.net.ssl.X509ExtendedTrustManager;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.lang.ref.WeakReference;
@@ -110,9 +109,10 @@ public class ConfigFileBasedTlsContext implements TlsContext {
                                                              MutableX509KeyManager mutableKeyManager,
                                                              PeerAuthentication peerAuthentication) {
 
+        HostnameVerification hostnameVerification = options.isHostnameValidationDisabled() ? HostnameVerification.DISABLED : HostnameVerification.ENABLED;
         PeerAuthorizerTrustManager authorizerTrustManager = options.getAuthorizedPeers()
-                .map(authorizedPeers -> new PeerAuthorizerTrustManager(authorizedPeers, mode, mutableTrustManager))
-                .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, mutableTrustManager)));
+                .map(authorizedPeers -> new PeerAuthorizerTrustManager(authorizedPeers, mode, hostnameVerification, mutableTrustManager))
+                .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, hostnameVerification, mutableTrustManager));
         SSLContext sslContext = new SslContextBuilder()
                 .withKeyManager(mutableKeyManager)
                 .withTrustManager(authorizerTrustManager)
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-02-17 13:40:26 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-02-17 16:36:35 +0100
commit	03079a1c20a0e0b41bc12dd034091f1e408e1c7c (patch)
tree	c9ed71323e03630d339625d633ca51996807bfa9 /security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
parent	06df2d189b63b561472ac677389298038486ba70 (diff)