From 41b68bbd1b549481aa8603059ed32b8fdd72a3db Mon Sep 17 00:00:00 2001
From: Tobias Kellner <tobias.kellner@iaik.tugraz.at>
Date: Thu, 3 Nov 2016 16:18:04 +0100
Subject: Only set HostnameVerifier if SSL checks disabled

---
 .../at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java  | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
index 4f9260d2..8891cce7 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
@@ -129,6 +129,10 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
 
 		public static final String ALLOW_OTHER_REDIRECTS = "AllowOtherRedirects";
 
+		public static final String SSL_DISSABLE_HOSTNAME_VERIFICATION = "SSL.disableHostnameVerification";
+
+		public static final String SSL_DISSABLE_ALL_CHECKS = "SSL.disableAllChecks";
+
 		public int getMaxDataUrlHops() {
 			return configuration.getInt(DATAURLCLIENT_MAXHOPS, 10);
 		}
@@ -187,6 +191,14 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
 		public boolean getAllowOtherRedirects() {
 			return configuration.getBoolean(ALLOW_OTHER_REDIRECTS, false);
 		}
+
+		public boolean disableSslHostnameVerification() {
+			return configuration.getBoolean(SSL_DISSABLE_HOSTNAME_VERIFICATION, false);
+		}
+
+		public boolean disableAllSslChecks() {
+			return configuration.getBoolean(SSL_DISSABLE_ALL_CHECKS, false);
+		}
 	}
 	
 	/**
@@ -388,7 +400,8 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
 			// set user agent and signature layout headers
 			conn.setHTTPHeader(HttpUtil.HTTP_HEADER_USER_AGENT, getServerHeaderValue());
 			conn.setHTTPHeader(HttpUtil.HTTP_HEADER_SIGNATURE_LAYOUT, getSignatureLayoutHeaderValue());
-			conn.setHostnameVerifier(hostnameVerifier);
+			if (configurationFacade.disableAllSslChecks() || configurationFacade.disableSslHostnameVerification())
+				conn.setHostnameVerifier(hostnameVerifier);
 			conn.setSSLSocketFactory(sslSocketFactory);
 
 			// set transfer headers
-- 
cgit v1.2.3