-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Commit d2c780d
Future-proof HTTPS endpoint identification (#2104)
Netty 4.2 changes the default for hostname verification for TLS clients,
so that it is now enabled by default.
As a result, clients that rely on the default being _off_ will find
themselves unable to disable it.
Instead, clients should explicitly configure their desired endpoint
identification algorithm in all cases.
Since Netty 4.1.112 we also have a convenient method on the
`SslContextBuilder` for doing this, so we don't need multiple
round-trips through `SSLParameters`.
This PR changes the `DefaultSslEngineFactory` to make use of this
method, so it always configures the endpoint identification algorithm to
match the desired setting of
`AsyncHttpClientConfig..isDisableHttpsEndpointIdentificationAlgorithm()`.1 parent 8daef69 commit d2c780d
File tree
2 files changed
+3
-6
lines changed- client/src/main/java/org/asynchttpclient/netty/ssl
2 files changed
+3
-6
lines changedLines changed: 3 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
58 | 58 | | |
59 | 59 | | |
60 | 60 | | |
61 | + | ||
62 | + | ||
63 | + | ||
61 | 64 | | |
62 | 65 | | |
63 | 66 | | |
| |||
Lines changed: 0 additions & 6 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
19 | 19 | | |
20 | 20 | | |
21 | 21 | | |
22 | - | ||
23 | 22 | | |
24 | 23 | | |
25 | 24 | | |
| |||
30 | 29 | | |
31 | 30 | | |
32 | 31 | | |
33 | - | ||
34 | - | ||
35 | - | ||
36 | - | ||
37 | - | ||
38 | 32 | | |
39 | 33 | | |
0 commit comments