From 72e86431b59c466673214d330bbd9baa295449cf Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 4 Nov 2016 09:51:26 +0100
Subject: add hostname validation to httpclient 3.1, which is assumed by
 openSAML 2.x

---
 .../auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'id/server/modules/moa-id-module-eIDAS')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 0cb6228a7..ffa74b92b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -204,13 +204,16 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 			
 			if (metadataURL.startsWith("https:")) {
 				try {
+					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
 							Constants.SSLSOCKETFACTORYNAME, 
 							authConfig.getTrustedCACertificates(),
 							null,
 							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
 							authConfig.isTrustmanagerrevoationchecking(),
-							authConfig.getRevocationMethodOrder());
+							authConfig.getRevocationMethodOrder(),
+							authConfig.getBasicMOAIDConfigurationBoolean(
+									AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
 					
 					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
 
-- 
cgit v1.2.3