Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8213309

Consider adding a hostname verifier like API to the HTTP Client

    Details

    • Type: Enhancement
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: 11, 12
    • Fix Version/s: None
    • Component/s: core-libs

      Description

      There has been a request to add a hostname verifier like API to the HTTP Client, similar to that of HttpsURLConnection.

      Such an API point could be used to effectively by-pass hostname checking when connecting to a "secure" server that does not wish to identify itself, in its certificate, by the hostname in the URL.

      This issue been raised a couple of times so far, namely:

      - http://mail.openjdk.java.net/pipermail/net-dev/2018-November/011899.html
      - https://stackoverflow.com/questions/52859195/using-httpbuilder-api-in-java-11-where-do-you-specify-the-hostnameverifier
      - https://stackoverflow.com/questions/52988677/allow-insecure-https-connection-for-java-jdk-11-httpclient
      - https://stackoverflow.com/questions/52856027/jdk-11-httpclient-throws-no-subject-alternative-dns-name-error

      To date the only known use-case is for testing. Further use-cases will be added here, if / when they are identified.

      FWIW, currently the HTTP Client API deliberately does not provide such an API point, as the implementation sets the URL's hostname in the TLS Server Name Indication ( SNI ) extension when initiating a new connection. In many real-world cases this is sufficient. For testing it may be a little cumbersome to expect the server implementation to use SNI, or identify itself with a Subject Alternative Name ( SAN ).

        Attachments

          Activity

            People

            • Assignee:
              michaelm Michael McMahon
              Reporter:
              chegar Chris Hegarty
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: