How to enable hostNameVerifier on server side in http4s BlazeServerBuilder

[tpsaitwal]

In one of my project we are moving away from akka (v10.2.9) to http4s (v0.23.12). In akka we are creating http server using akka.http.scaladsl.Http object which internally creates HttpConnectionContext for server using AkkaSSLConfig which by default has hostNameVerifier enabled on server side as well, Which checks host names against CN and SAN. You can disable this hostNameVerification using this parameter

akka.ssl-config.loose.disableHostnameVerification = true

When I dug deeper into this I got to know hostNameVerification should enabled on Client side only to avoid man in the middle attack.

However, while moving from akka to http4s I still want to keep the functionality of hostNameVerification. I read the http4s documentation and I am using BlazeServerBuilder but I didn't find any provision to enable hostNameVerification on server side. How can this be achieved with http4s and scala.

[rossabaker]

There is a withSslContextAndParameters method that lets you specify an SSLContext and the SSLParameters to apply on any resulting engine. There's no friendly application.conf like Akka, but it should provide the full power of the JSSE API.

Maybe something like this. Untested, uncompiled, and I'm being sloppy about effect tracking, which is fine if these are local variables and you don't mind a misconfiguration crashing your program at startup. Add F.delay and flatMap to taste:

val sslContext = SSLContext.getDefault
val sslParams = new SSLParameters()
sslParams.setEndpointIdentificationAlgorithm("HTTPS")
blazeServerBuilder.withSslContextAndParams(sslContext, sslParams)
...