Hi Nicolas,
On 29/07/2020 13:20, Nicolas Henneaux wrote:
System.setProperty("jdk.internal.httpclient.disableHostnameVerification",
Boolean.TRUE.toString());
System.setProperty("jdk.httpclient.allowRestrictedHeaders", "host");
I don't believe it's a good idea to disable/customize
hostname verification. This property is merely intended for
test environments - where you might need to pretend that you're
talking to some other servers...
And it shouldn't be needed if the certificate presented by the
server contained the proper host names?
best regards,
-- daniel
