From 5e262a36dab399cd03f66b5592f50af4019286eb Mon Sep 17 00:00:00 2001 From: jansupol Date: Thu, 21 Apr 2022 16:36:07 +0200 Subject: [PATCH] Add javadoc to Netty ENABLE_SSL_HOSTNAME_VERIFICATION configuration property Signed-off-by: jansupol --- .../netty/connector/NettyClientProperties.java | 15 ++++++++++++++- .../jersey/netty/connector/NettyConnector.java | 15 +++++++++++++-- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/connectors/netty-connector/src/main/java/org/glassfish/jersey/netty/connector/NettyClientProperties.java b/connectors/netty-connector/src/main/java/org/glassfish/jersey/netty/connector/NettyClientProperties.java index 84b8da56fb..bf34699708 100644 --- a/connectors/netty-connector/src/main/java/org/glassfish/jersey/netty/connector/NettyClientProperties.java +++ b/connectors/netty-connector/src/main/java/org/glassfish/jersey/netty/connector/NettyClientProperties.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2021 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2020, 2022 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v. 2.0, which is available at @@ -54,5 +54,18 @@ public class NettyClientProperties { */ public static final String MAX_CONNECTIONS = "jersey.config.client.maxConnections"; + /** + *

+ * Sets the endpoint identification algorithm to HTTPS. + *

+ *

+ * The default value is {@code true} (for HTTPS uri scheme). + *

+ *

+ * The name of the configuration property is {@value}. + *

+ * @since 2.35 + * @see javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String) + */ public static final String ENABLE_SSL_HOSTNAME_VERIFICATION = "jersey.config.client.tls.enableHostnameVerification"; } diff --git a/connectors/netty-connector/src/main/java/org/glassfish/jersey/netty/connector/NettyConnector.java b/connectors/netty-connector/src/main/java/org/glassfish/jersey/netty/connector/NettyConnector.java index e2d4d35514..c97ea2e16c 100644 --- a/connectors/netty-connector/src/main/java/org/glassfish/jersey/netty/connector/NettyConnector.java +++ b/connectors/netty-connector/src/main/java/org/glassfish/jersey/netty/connector/NettyConnector.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, 2021 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2022 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v. 2.0, which is available at @@ -61,7 +61,9 @@ import io.netty.handler.codec.http.HttpUtil; import io.netty.handler.codec.http.HttpVersion; import io.netty.handler.proxy.HttpProxyHandler; +import io.netty.handler.ssl.ApplicationProtocolConfig; import io.netty.handler.ssl.ClientAuth; +import io.netty.handler.ssl.IdentityCipherSuiteFilter; import io.netty.handler.ssl.JdkSslContext; import io.netty.handler.ssl.SslHandler; import io.netty.handler.stream.ChunkedWriteHandler; 
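Review bot: The Javadoc added to `ENABLE_SSL_HOSTNAME_VERIFICATION` in NettyClientProperties.java describes the `true` case but not what `false` means for the connection. With the property set to `false` the endpoint identification algorithm is presumably left unset (the code that applies it is not in this hunk), so a server certificate that chains to a trusted root would be accepted whatever host name it names. I would add a sentence such as `Setting the property to {@code false} disables host name verification of the server certificate and should be limited to testing.` The text also does not state the accepted value type (a `Boolean`, or the strings `"true"`/`"false"`), which a reader needs because the constant only gives the property name.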
@@ -241,7 +243,16 @@ protected void initChannel(SocketChannel ch) throws Exception { // Enable HTTPS if necessary. if ("https".equals(requestUri.getScheme())) { // making client authentication optional for now; it could be extracted to configurable property - JdkSslContext jdkSslContext = new JdkSslContext(client.getSslContext(), true, ClientAuth.NONE); + JdkSslContext jdkSslContext = new JdkSslContext( + client.getSslContext(), + true, + (Iterable) null, + IdentityCipherSuiteFilter.INSTANCE, + (ApplicationProtocolConfig) null, + ClientAuth.NONE, + (String[]) null, /* enable default protocols */ + false /* true if the first write request shouldn't be encrypted */ + ); int port = requestUri.getPort(); SslHandler sslHandler = jdkSslContext.newHandler(ch.alloc(), requestUri.getHost(), port <= 0 ? 443 : port, executorService);
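Review bot: In the `initChannel` hunk of NettyConnector.java the new eight-argument `JdkSslContext` call passes `null` for both the cipher list and the protocol list, and only the protocol argument says what that means. The enabled TLS versions and cipher suites are therefore whatever the supplied `SSLContext` and the Netty/JDK defaults provide, which on an older runtime may include legacy versions. I would state that at the call, e.g. `(String[]) null, /* protocols: Netty/JDK defaults, no minimum TLS version enforced here */`, and label the other positional arguments the same way (`/* ciphers */`, `/* apn */`, `/* startTls */`) so the three `null`s cannot be misread or reordered. Nothing in this hunk applies the hostname-verification property documented in the same commit, although `initChannel` starts and ends outside the hunk, so that may happen in lines not shown.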