add hostname validation to httpclient 3.1, which is assumed by openSAML 2.x

1 files changed, 10 insertions, 1 deletions

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index c0cd971cf..05ce3344b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -524,6 +524,14 @@ public class ConfigurationProvider {
 	}
 	
 	/**
+	 * @return
+	 */
+	private boolean isHostNameValidationEnabled() {
+		return Boolean.parseBoolean(props.getProperty("general.ssl.hostnamevalidation", "true"));
+		
+	}
+	
+	/**
 	 * @return the context
 	 */
 	public ApplicationContext getContext() {
@@ -580,7 +588,8 @@ public class ConfigurationProvider {
 							null,
 							"pkix", 
 							true,
-							new String[]{"crl"});
+							new String[]{"crl"},
+							ConfigurationProvider.getInstance().isHostNameValidationEnabled());
 					
 					httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory);