Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

400184: SslContextFactory change. Disable hostname verification if trustAll is set

This commit is contained in:
Thomas Becker 2013-02-07 11:49:50 +01:00
parent ddfec4a504
commit bb3c1433f4
2 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java
View File

@ -32,6 +32,7 @@ import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.DefaultHandler; import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory; import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool; import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.junit.After;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -82,6 +83,14 @@ public class HostnameVerificationTest
client.start(); client.start();
} }
@After
public void tearDown() throws Exception
{
client.stop();
server.stop();
server.join();
}
/** /**
* This test is supposed to verify that hostname verification works as described in: * This test is supposed to verify that hostname verification works as described in:
* http://www.ietf.org/rfc/rfc2818.txt section 3.1. It uses a certificate with a common name different to localhost * http://www.ietf.org/rfc/rfc2818.txt section 3.1. It uses a certificate with a common name different to localhost
@ -114,7 +123,28 @@ public class HostnameVerificationTest
@Test @Test
public void simpleGetWithHostnameVerificationDisabledTest() throws Exception public void simpleGetWithHostnameVerificationDisabledTest() throws Exception
{ {
sslContextFactory.setEndpointIdentificationAlgorithm(""); sslContextFactory.setEndpointIdentificationAlgorithm(null);
String uri = "https://localhost:" + connector.getLocalPort() + "/";
try
{
client.GET(uri);
}
catch (ExecutionException e)
{
fail("SSLHandshake should work just fine as hostname verification is disabled! " + e.getMessage());
}
}
/**
* This test has hostname verification disabled by setting trustAll to true and connecting,
* ssl handshake and sending the request should just work fine.
*
* @throws Exception
*/
@Test
public void trustAllDisablesHostnameVerificationTest() throws Exception
{
sslContextFactory.setTrustAll(true);
String uri = "https://localhost:" + connector.getLocalPort() + "/"; String uri = "https://localhost:" + connector.getLocalPort() + "/";
try try
{ {

4
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
View File

@ -223,7 +223,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public SslContextFactory(boolean trustAll) public SslContextFactory(boolean trustAll)
{ {
_trustAll=trustAll; setTrustAll(trustAll);
} }
/** /**
@ -752,6 +752,8 @@ public class SslContextFactory extends AbstractLifeCycle
public void setTrustAll(boolean trustAll) public void setTrustAll(boolean trustAll)
{ {
_trustAll = trustAll; _trustAll = trustAll;
if(trustAll)
setEndpointIdentificationAlgorithm(null);
} }
/** /**