make it possible to disable host name verification (#5722)

to work around a temporary misconfiguration

1 files changed, 8 insertions, 0 deletions

diff --git a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java
index 279735cdd08..671038c852a 100644
--- a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java
+++ b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java
@@ -11,6 +11,8 @@ import io.airlift.command.Command;
 import io.airlift.command.HelpOption;
 import io.airlift.command.Option;
 import io.airlift.command.SingleCommand;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 
 import javax.inject.Inject;
 import java.util.concurrent.TimeUnit;
@@ -174,6 +176,10 @@ public class CommandLineArguments {
             description = "Use TLS when connecting to endpoint")
     private boolean useTls = false;
 
+    @Option(name = {"--insecure"},
+            description = "Skip hostname verification when using TLS")
+    private boolean insecure = false;
+
     int getWhenVerboseEnabledPrintMessageForEveryXDocuments() {
         return whenVerboseEnabledPrintMessageForEveryXDocuments;
     }
@@ -203,6 +209,8 @@ public class CommandLineArguments {
                 )
                 .setConnectionParams(
                         new ConnectionParams.Builder()
+                                .setHostnameVerifier(insecure ? NoopHostnameVerifier.INSTANCE :
+                                        SSLConnectionSocketFactory.getDefaultHostnameVerifier())
                                 .setNumPersistentConnectionsPerEndpoint(16)
                                 .setEnableV3Protocol(! enableV2Protocol)
                                 .setUseCompression(useCompressionArg)