Re: Option to supply custom hostname verifier to HTTP client

2018-11-02 Thread Chris Hegarty
Thanks for the additional information, we will review it. For tracking purposes I filed the following JIRA. It should not be confused with a commitment to add such an API point; its resolution may indeed be ‘will not fix’, but it will contain a summary and record of the discussion and ultimate conclu

Re: Option to supply custom hostname verifier to HTTP client

2018-11-02 Thread Anders Wisch
Regarding the dummy TrustManager point, in my experience trust and hostname verification are separate steps (at least in Java’s implementation of SSL). Here are some tests: @Test public void selfSignedHostnameVerified() throws Exception { assertEquals(204, getResponseCode("cn=localhost", null

Re: Option to supply custom hostname verifier to HTTP client

2018-11-02 Thread Michael McMahon
There is a fix in progress for https://bugs.openjdk.java.net/browse/JDK-8213189 which will allow the "Host" header to be overridden, along with some of the other currently restricted ones. I don't follow the other point though. With a dummy TrustManager, the contents of the server's certificat

Re: Option to supply custom hostname verifier to HTTP client

2018-11-01 Thread Anders Wisch
Yes, although this is more restrictive because it means I have to have common name or subject alternative names in the self-signed certificate for “localhost”, “localhost.localdomain”, “127.0.0.1”, or similar so that my requests get routed to the local server. Testing hostname-based redirects un

Re: Option to supply custom hostname verifier to HTTP client

2018-11-01 Thread Michael McMahon
You could also isolate the behavior to a specific SSLContext (and therefore HttpClient) by initializing the SSLContext with a dummy TrustManager (if it's only for testing). - Michael. On 01/11/2018, 18:09, Anders Wisch wrote: Thankfully, all of my uses are for testing. To test hostname-based

Re: Option to supply custom hostname verifier to HTTP client

2018-11-01 Thread Anders Wisch
Thankfully, all of my uses are for testing. To test hostname-based redirects or integration tests of server code under SSL I start short-lived servers that serve self-signed certificates. Test cases use HTTP clients that disable hostname verification, connect to a local address and port, and som

Re: Option to supply custom hostname verifier to HTTP client

2018-11-01 Thread Chris Hegarty
In order to evaluate this request, can you please provide use-cases for such. What “secure” server are you trying to connect to that is unwilling to identify itself in its certificate? -Chris. > On 1 Nov 2018, at 17:48, Anders Wisch wrote: > > Hi all, > > I think it should be possible to suppl

Option to supply custom hostname verifier to HTTP client

2018-11-01 Thread Anders Wisch
Hi all, I think it should be possible to supply a custom javax.net.ssl.HostnameVerifier while building a java.net.http.HttpClient. While it is possible to disable standard hostname verification via the system property “jdk.internal.httpclient.disableHostnameVerification”, this doesn’t allow you