authorThomas Becker2013-02-07 05:49:50 (EST)
committerThomas Becker2013-02-07 05:50:19 (EST)
commitbb3c1433f4e340a947e0d895304399f13a6c4b11 (patch)
tree27381d2c04b82c85a0654f02bd3ce0db6d1edf2a
parentddfec4a5046f1e75bd617ef557334c212b8ed732 (diff)
400184: SslContextFactory change. Disable hostname verification if trustAll is set
-rw-r--r--jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java32
-rw-r--r--jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java4
2 files changed, 34 insertions, 2 deletions
diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java
index 7522f64..cf0d813 100644
--- a/jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java
+++ b/jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java
@@ -32,6 +32,7 @@ import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
+import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -82,6 +83,14 @@ public class HostnameVerificationTest
client.start();
}
+ @After
+ public void tearDown() throws Exception
+ {
+ client.stop();
+ server.stop();
+ server.join();
+ }
+
/**
* This test is supposed to verify that hostname verification works as described in:
* http://www.ietf.org/rfc/rfc2818.txt section 3.1. It uses a certificate with a common name different to localhost
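Review bot: In the added `tearDown()`, an exception from `client.stop()` skips `server.stop()` and `server.join()`, so the server would stay up while later tests in the class run. Wrapping the calls keeps cleanup unconditional: `try { client.stop(); } finally { server.stop(); server.join(); }`.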
@@ -114,7 +123,28 @@ public class HostnameVerificationTest
@Test
public void simpleGetWithHostnameVerificationDisabledTest() throws Exception
{
- sslContextFactory.setEndpointIdentificationAlgorithm("");
+ sslContextFactory.setEndpointIdentificationAlgorithm(null);
+ String uri = "https://localhost:" + connector.getLocalPort() + "/";
+ try
+ {
+ client.GET(uri);
+ }
+ catch (ExecutionException e)
+ {
+ fail("SSLHandshake should work just fine as hostname verification is disabled! " + e.getMessage());
+ }
+ }
+
+ /**
+ * This test has hostname verification disabled by setting trustAll to true and connecting,
+ * ssl handshake and sending the request should just work fine.
+ *
+ * @throws Exception
+ */
+ @Test
+ public void trustAllDisablesHostnameVerificationTest() throws Exception
+ {
+ sslContextFactory.setTrustAll(true);
String uri = "https://localhost:" + connector.getLocalPort() + "/";
try
{
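Review bot: The catch block in `simpleGetWithHostnameVerificationDisabledTest` turns the `ExecutionException` into `fail(...)` with only `e.getMessage()`, which drops the cause and stack trace of a handshake failure. The method already declares `throws Exception`, so the try/catch can be removed and `client.GET(uri);` left on its own for JUnit to report the full exception. The new `trustAllDisablesHostnameVerificationTest` appears to start the same pattern, but its body continues past the end of the hunk. Its Javadoc should also say why a successful request proves the point, for example `* The server certificate's common name is not localhost, so the GET only succeeds if endpoint identification is off.` (this assumes the fixture described in the neighbouring test's Javadoc is shared). The bare `@throws Exception` tag needs a description or should be dropped.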
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index 2e4e35b..44a0581 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -223,7 +223,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/
public SslContextFactory(boolean trustAll)
{
- _trustAll=trustAll;
+ setTrustAll(trustAll);
}
/**
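Review bot: The constructor now calls `setTrustAll(trustAll)`, a public overridable method, so a subclass override would run before the subclass's own fields are initialised. A private helper shared by the constructor and the setter avoids this, for example `private void applyTrustAll(boolean trustAll)` holding the two statements from the setter. The constructor's Javadoc ends just above the hunk and is otherwise not visible here; it should state that `trustAll == true` also turns off hostname verification, since callers of `new SslContextFactory(true)` now get that behaviour implicitly.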
@@ -752,6 +752,8 @@ public class SslContextFactory extends AbstractLifeCycle
public void setTrustAll(boolean trustAll)
{
_trustAll = trustAll;
+ if(trustAll)
+ setEndpointIdentificationAlgorithm(null);
}
/**
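Review bot: `setTrustAll(true)` now clears the endpoint identification algorithm, but `setTrustAll(false)` does not restore it, so a factory toggled on and then off keeps hostname verification disabled with no indication. The result also depends on call order: `setEndpointIdentificationAlgorithm(...)` called before `setTrustAll(true)` is overwritten, and called after it re-enables the check. The setter's Javadoc is outside the hunk and should at least document this, for example `* Setting this to true also sets the endpoint identification algorithm to null (hostname verification off); setting it back to false does not re-enable it.` If restoring is intended, the previous algorithm could be remembered and put back in the `false` branch. The new `if` should also be braced: `if (trustAll) { setEndpointIdentificationAlgorithm(null); }`.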