From 41b68bbd1b549481aa8603059ed32b8fdd72a3db Mon Sep 17 00:00:00 2001 From: Tobias Kellner Date: Thu, 3 Nov 2016 16:18:04 +0100 Subject: Only set HostnameVerifier if SSL checks disabled --- .../at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java index 4f9260d2..8891cce7 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java @@ -129,6 +129,10 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement public static final String ALLOW_OTHER_REDIRECTS = "AllowOtherRedirects"; + public static final String SSL_DISSABLE_HOSTNAME_VERIFICATION = "SSL.disableHostnameVerification"; + + public static final String SSL_DISSABLE_ALL_CHECKS = "SSL.disableAllChecks"; + public int getMaxDataUrlHops() { return configuration.getInt(DATAURLCLIENT_MAXHOPS, 10); } @@ -187,6 +191,14 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement public boolean getAllowOtherRedirects() { return configuration.getBoolean(ALLOW_OTHER_REDIRECTS, false); } + + public boolean disableSslHostnameVerification() { + return configuration.getBoolean(SSL_DISSABLE_HOSTNAME_VERIFICATION, false); + } + + public boolean disableAllSslChecks() { + return configuration.getBoolean(SSL_DISSABLE_ALL_CHECKS, false); + } } /** @@ -388,7 +400,8 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement // set user agent and signature layout headers conn.setHTTPHeader(HttpUtil.HTTP_HEADER_USER_AGENT, getServerHeaderValue()); conn.setHTTPHeader(HttpUtil.HTTP_HEADER_SIGNATURE_LAYOUT, getSignatureLayoutHeaderValue()); - conn.setHostnameVerifier(hostnameVerifier); + if (configurationFacade.disableAllSslChecks() || configurationFacade.disableSslHostnameVerification()) + conn.setHostnameVerifier(hostnameVerifier); conn.setSSLSocketFactory(sslSocketFactory); // set transfer headers -- cgit v1.2.3