HTTPCLIENT-2302: Add comment to TrustStrategy usage in examples (#492)
parent
9c83250ab4
commit
19f3922b37
|
@ -59,7 +59,14 @@ public class AsyncClientCustomSSL {
|
||||||
public static void main(final String[] args) throws Exception {
|
public static void main(final String[] args) throws Exception {
|
||||||
// Trust standard CA and those trusted by our custom strategy
|
// Trust standard CA and those trusted by our custom strategy
|
||||||
final SSLContext sslContext = SSLContexts.custom()
|
final SSLContext sslContext = SSLContexts.custom()
|
||||||
|
// Custom TrustStrategy implementations are intended for verification
|
||||||
|
// of certificates whose CA is not trusted by the system, and where specifying
|
||||||
|
// a custom truststore containing the certificate chain is not an option.
|
||||||
.loadTrustMaterial((chain, authType) -> {
|
.loadTrustMaterial((chain, authType) -> {
|
||||||
|
// Please note that validation of the server certificate without validation
|
||||||
|
// of the entire certificate chain in this example is preferred to completely
|
||||||
|
// disabling trust verification, however this still potentially allows
|
||||||
|
// for man-in-the-middle attacks.
|
||||||
final X509Certificate cert = chain[0];
|
final X509Certificate cert = chain[0];
|
||||||
return "CN=httpbin.org".equalsIgnoreCase(cert.getSubjectDN().getName());
|
return "CN=httpbin.org".equalsIgnoreCase(cert.getSubjectDN().getName());
|
||||||
})
|
})
|
||||||
|
|
|
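Review bot: The warning added inside the `loadTrustMaterial` lambda understates the weakness. The strategy returns true for any leaf certificate whose subject DN string equals `CN=httpbin.org`, and the subject is whatever the certificate's creator wrote into it, so a self-signed certificate with that subject is accepted and, as the new comment itself says, the chain is not validated. I would state that directly, e.g. `// The subject DN is not authenticated: any certificate carrying this subject, including a self-signed one, is accepted.` If the example is meant to show a reusable pattern, comparing a digest of `cert.getEncoded()` (or of the public key) against a pinned value would be safer to demonstrate, and `getSubjectX500Principal()` is the non-deprecated accessor for the subject. The same lambda and comment appear in the ClientCustomSSL section below, so the point applies there as well; `main` continues outside the hunk in both files.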
@ -55,7 +55,14 @@ public class ClientCustomSSL {
|
||||||
public final static void main(final String[] args) throws Exception {
|
public final static void main(final String[] args) throws Exception {
|
||||||
// Trust standard CA and those trusted by our custom strategy
|
// Trust standard CA and those trusted by our custom strategy
|
||||||
final SSLContext sslContext = SSLContexts.custom()
|
final SSLContext sslContext = SSLContexts.custom()
|
||||||
|
// Custom TrustStrategy implementations are intended for verification
|
||||||
|
// of certificates whose CA is not trusted by the system, and where specifying
|
||||||
|
// a custom truststore containing the certificate chain is not an option.
|
||||||
.loadTrustMaterial((chain, authType) -> {
|
.loadTrustMaterial((chain, authType) -> {
|
||||||
|
// Please note that validation of the server certificate without validation
|
||||||
|
// of the entire certificate chain in this example is preferred to completely
|
||||||
|
// disabling trust verification, however this still potentially allows
|
||||||
|
// for man-in-the-middle attacks.
|
||||||
final X509Certificate cert = chain[0];
|
final X509Certificate cert = chain[0];
|
||||||
return "CN=httpbin.org".equalsIgnoreCase(cert.getSubjectDN().getName());
|
return "CN=httpbin.org".equalsIgnoreCase(cert.getSubjectDN().getName());
|
||||||
})
|
})
|
||||||
|
|