From 1441bb6fe0edf5bf36ac5a3c0c070a81be9cebe1 Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime <bjorncs@verizonmedia.com>
Date: Wed, 20 Feb 2019 13:23:19 +0100
Subject: Disable hostname verification of client certs in hosted
 configserver/controller

---
 .../instanceproviderservice/ConfigserverSslContextFactoryProvider.java   | 1 +
 1 file changed, 1 insertion(+)

(limited to 'athenz-identity-provider-service/src')

diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java
index 1a7224fdc71..61ac8f7a7e2 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java
@@ -124,6 +124,7 @@ public class ConfigserverSslContextFactoryProvider extends AbstractComponent imp
                         .orElseGet(() -> updateKeystore(configserverIdentity, generateKeystorePassword(), keyProvider, ztsClient, zoneConfig));
         factory.setKeyStore(keyStore);
         factory.setKeyStorePassword("");
+        factory.setEndpointIdentificationAlgorithm(null); // disable https hostname verification of clients (must be disabled when using Athenz x509 certificates)
         return factory;
     }
 
-- 
cgit v1.2.3