1 files changed, 6 insertions, 1 deletions

diff --git a/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaAsyncHttpClientBuilder.java b/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaAsyncHttpClientBuilder.java
index 219f1707589..50af29f92aa 100644
--- a/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaAsyncHttpClientBuilder.java
+++ b/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaAsyncHttpClientBuilder.java
@@ -11,6 +11,7 @@ import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
 import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
 
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLParameters;
 
 /**
@@ -37,13 +38,17 @@ public class VespaAsyncHttpClientBuilder {
     }
 
     public static HttpAsyncClientBuilder create(AsyncConnectionManagerFactory factory) {
+        return create(factory, new NoopHostnameVerifier());
+    }
+
+    public static HttpAsyncClientBuilder create(AsyncConnectionManagerFactory factory, HostnameVerifier hostnameVerifier) {
         HttpAsyncClientBuilder clientBuilder = HttpAsyncClientBuilder.create();
         TlsContext vespaTlsContext = TransportSecurityUtils.getSystemTlsContext().orElse(null);
         TlsStrategy tlsStrategy;
         if (vespaTlsContext != null) {
             SSLParameters vespaTlsParameters = vespaTlsContext.parameters();
             tlsStrategy = ClientTlsStrategyBuilder.create()
-                    .setHostnameVerifier(new NoopHostnameVerifier())
+                    .setHostnameVerifier(hostnameVerifier)
                     .setSslContext(vespaTlsContext.context())
                     .setTlsVersions(vespaTlsParameters.getProtocols())
                     .setCiphers(vespaTlsParameters.getCipherSuites())