-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
On 6/11/18 10:31 AM, Mark Thomas wrote:
> On 11/06/18 11:47, Weiner Harald wrote:
>
> <snip/>
>
>> What are your thoughts?
>
> I'm leaning towards adding:
>
> SSLParameters sslParams = new SSLParameters();
> sslParams.setEndpointIdentificationAlgorithm("HTTPS");
> sslSocket.setSSLParameters(sslParams);
>
> unconditionally to WsWebSocketContainer.createSSLEngine()
>
> I've been trying to think of a use case where you'd want to use
> TLS without wanting to verify the host name and I can't think of
> one.
Testing.
It would be very useful to be able to configure this, so if you are
going to patch the code, please make this configurable by the client.
See HttpsURLConnection.setHostnameVerifier
I think it's appropriate to simply match that API unless there are any
objections.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsf1OMACgkQHPApP6U8
pFibhw/+ODRL4BZfk9fTWxLFSEyKEJQORJgfVveHaqzsW34BzRVEx7nVGBL+T8t1
m0E+mhQY+m+YyTKsWpAzNEd/752UMFV6jHhn8Nle6I+puLpZ8tEKj4MSd2JDDC2Y
Te4mD4QwMgkdNIU8aacXqj1hJanyB4vvfSd+PpFiW/o0kWKHirpSdra87XvLqbMM
A75lKzFdyqZWJ9JBqSoQID3vLQMyBzZ+MI8XWacuT69hMWioMpiAc2iSVw73TUXO
kt9jFlP6K17QzJ3j2kmdm1TAQDupFNNs2W5M15Eo7ahj3xa137s+lZgTjI7b8rhS
dekDyD++7biKJSCnyd8XIQ+FM6UjEwCIzGtdRRNvjw+ufk9S7IDnJhD7DAeGqNOc
bq4ezaG8iFRI7h3lkJx+AeF23KaW36VEK8bbNK5phjyIfZ0crF43Xv8nTOyf1S0E
Pqj38sr9baa0JcRnYvGLS9ZDtYpDFQaQuti7p8IJs/DJ6yr+d7KvO/ZBawU6K8e0
EttmjavdB0RfooI61LBj0bazHANvhISY5xzmJIqDIYAtwlYf1Ww9X0CrpWmrPd1y
RE/M2RpXj6lcVCPqXzqSXVE/DfJXlmj5iqB4lGJBS0TrcWFvKHH5kp0reUlZNtRG
l+FshDzZylsz5tqN3DtyNjQoQN9rW181O7+j2f5exa9IS9fUgek=
=GeP9
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
