HTTPCLIENT-2302: Add comment to TrustStrategy usage in examples (#492)

Marcono1234 2023-10-12 12:24:28 +02:00 committed by Oleg Kalnichevski
parent 9c83250ab4
commit 19f3922b37
2 changed files with 14 additions and 0 deletions


@ -59,7 +59,14 @@ public class AsyncClientCustomSSL {
public static void main(final String[] args) throws Exception { public static void main(final String[] args) throws Exception {
// Trust standard CA and those trusted by our custom strategy // Trust standard CA and those trusted by our custom strategy
final SSLContext sslContext = SSLContexts.custom() final SSLContext sslContext = SSLContexts.custom()
// Custom TrustStrategy implementations are intended for verification
// of certificates whose CA is not trusted by the system, and where specifying
// a custom truststore containing the certificate chain is not an option.
.loadTrustMaterial((chain, authType) -> { .loadTrustMaterial((chain, authType) -> {
// Please note that validation of the server certificate without validation
// of the entire certificate chain in this example is preferred to completely
// disabling trust verification, however this still potentially allows
// for man-in-the-middle attacks.
final X509Certificate cert = chain[0]; final X509Certificate cert = chain[0];
return "CN=httpbin.org".equalsIgnoreCase(cert.getSubjectDN().getName()); return "CN=httpbin.org".equalsIgnoreCase(cert.getSubjectDN().getName());
}) })
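Review bot: The comment added inside the lambda says the check "potentially allows" man-in-the-middle attacks but never says why, so a reader copying the example may still treat the name comparison as authentication. The strategy accepts the chain solely because `chain[0]` reports the subject `CN=httpbin.org`; that name is chosen by whoever creates the certificate and nothing in the lambda verifies a signature or key, and as far as I know a `true` result from a `TrustStrategy` bypasses the default trust manager's chain validation. I would state that directly, e.g. `// The subject DN is not authenticated: any certificate carrying this subject is accepted. In real code pin the certificate or its public key, or load a truststore.` Separately, `getSubjectDN()` is deprecated in newer JDKs in favour of `getSubjectX500Principal()`, which the example could use instead. The same lines appear in the ClientCustomSSL section, and `main` continues outside both hunks.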


@ -55,7 +55,14 @@ public class ClientCustomSSL {
public final static void main(final String[] args) throws Exception { public final static void main(final String[] args) throws Exception {
// Trust standard CA and those trusted by our custom strategy // Trust standard CA and those trusted by our custom strategy
final SSLContext sslContext = SSLContexts.custom() final SSLContext sslContext = SSLContexts.custom()
// Custom TrustStrategy implementations are intended for verification
// of certificates whose CA is not trusted by the system, and where specifying
// a custom truststore containing the certificate chain is not an option.
.loadTrustMaterial((chain, authType) -> { .loadTrustMaterial((chain, authType) -> {
// Please note that validation of the server certificate without validation
// of the entire certificate chain in this example is preferred to completely
// disabling trust verification, however this still potentially allows
// for man-in-the-middle attacks.
final X509Certificate cert = chain[0]; final X509Certificate cert = chain[0];
return "CN=httpbin.org".equalsIgnoreCase(cert.getSubjectDN().getName()); return "CN=httpbin.org".equalsIgnoreCase(cert.getSubjectDN().getName());
}) })