diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-02-17 17:16:55 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-02-17 17:16:55 +0100 |
commit | 0a352bc6ab22515a3ac576f75e98d911d82f08d5 (patch) | |
tree | e7e137e1bc0b36d1cf0eb0cb48b49f85caabac22 /vespaclient | |
parent | 7692a49d50d6e9486242995a36f0b485301f0514 (diff) |
Disable hostname verification only when configured
Diffstat (limited to 'vespaclient')
-rw-r--r-- | vespaclient/src/perl/lib/Yahoo/Vespa/Http.pm | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/vespaclient/src/perl/lib/Yahoo/Vespa/Http.pm b/vespaclient/src/perl/lib/Yahoo/Vespa/Http.pm index 2dbf475f2a7..d907e89fa54 100644 --- a/vespaclient/src/perl/lib/Yahoo/Vespa/Http.pm +++ b/vespaclient/src/perl/lib/Yahoo/Vespa/Http.pm @@ -100,7 +100,10 @@ sub initialize { # () my $tls_enabled = $ENV{'VESPA_TLS_ENABLED'}; if (defined $tls_enabled and $tls_enabled eq '1') { $BROWSER->ssl_opts( SSL_version => 'TLSv12'); - $BROWSER->ssl_opts( verify_hostname => 0); + my $hostname_verification_disabled = $ENV{'VESPA_TLS_HOSTNAME_VALIDATION_DISABLED'}; + if (defined $hostname_verification_disabled and $hostname_verification_disabled eq '1') { + $BROWSER->ssl_opts( verify_hostname => 0); + } $BROWSER->ssl_opts( SSL_cipher_list => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256' ); } if (defined $ENV{'VESPA_TLS_CA_CERT'}) { |