From 72e86431b59c466673214d330bbd9baa295449cf Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 4 Nov 2016 09:51:26 +0100
Subject: add hostname validation to httpclient 3.1, which is assumed by
 openSAML 2.x

---
 .../moa/id/configuration/config/ConfigurationProvider.java    | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index c0cd971cf..05ce3344b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -523,6 +523,14 @@ public class ConfigurationProvider {
 				
 	}
 	
+	/**
+	 * @return
+	 */
+	private boolean isHostNameValidationEnabled() {
+		return Boolean.parseBoolean(props.getProperty("general.ssl.hostnamevalidation", "true"));
+		
+	}
+	
 	/**
 	 * @return the context
 	 */
@@ -580,7 +588,8 @@ public class ConfigurationProvider {
 							null,
 							"pkix", 
 							true,
-							new String[]{"crl"});
+							new String[]{"crl"},
+							ConfigurationProvider.getInstance().isHostNameValidationEnabled());
 					
 					httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory);
 
-- 
cgit v1.2.3