Java
zencd, 2015-06-01 18:23:26

Why is the connection to the web server via HTTPS successful even without HostnameVerifier?

There is some simple Java client code that connects to a web server. Previously, without the following "poultice", the HTTPS connection failed with an exception I no longer remember, similar to running curl without the "-k" option:

// not for production!
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Trust manager that accepts any certificate chain without checking it.
X509TrustManager[] DUMMY_TRUST_MANAGERS = {
  new X509TrustManager() {
      public X509Certificate[] getAcceptedIssuers() { return null; }
      public void checkClientTrusted(X509Certificate[] certs, String authType) { }
      public void checkServerTrusted(X509Certificate[] certs, String authType) { }
  }
};
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, DUMMY_TRUST_MANAGERS, new SecureRandom());
// connection is the HttpsURLConnection being configured
connection.setSSLSocketFactory(sslContext.getSocketFactory());
// Hostname verifier that accepts any host name.
connection.setHostnameVerifier(new HostnameVerifier() {
    public boolean verify(String host, SSLSession sslSession) {
        return true;
    }
});


Unfortunately, I can no longer reproduce that exception on Java 6: everything works without the "poultice". I connected to different servers (ssllabs, google...). I have already uninstalled and reinstalled the JDK.

Tell me how to upset Java so that the code starts failing again?

The simplest client code:

URL url = new URL(args[0]);
HttpsURLConnection c = (HttpsURLConnection)url.openConnection();
c.setDoOutput(false);
c.setDoInput(true);
c.connect();
c.getResponseCode();
...


1 answer(s)
Power, 2015-06-01

I think you are talking about the lack of SNI support (in Java < 7). Try to connect to https://bob.sni.velox.ch/.
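An added example, not code from the question or the answer: a diagnostic client that keeps the JDK's certificate and hostname checks in place and records which certificate the server actually presented, so a failure can be traced to an untrusted chain or to a certificate issued for a different name (the symptom when no SNI is sent). The class names `TlsDiagnose` and `RecordingTrustManager` are hypothetical; the URL is passed as the first argument.

```java
import javax.net.ssl.*;
import java.io.IOException;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class TlsDiagnose {
    // Records the chain the server sent, then delegates to the JDK's default validation.
    static class RecordingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        X509Certificate[] seen;
        RecordingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            delegate.checkClientTrusted(chain, authType);
        }
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            seen = chain;                                 // keep a copy for the report
            delegate.checkServerTrusted(chain, authType); // still rejects untrusted chains
        }
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JDK's default truststore
        RecordingTrustManager tm =
                new RecordingTrustManager((X509TrustManager) tmf.getTrustManagers()[0]);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);

        HttpsURLConnection c = (HttpsURLConnection) new URL(args[0]).openConnection();
        c.setSSLSocketFactory(ctx.getSocketFactory()); // default HostnameVerifier is untouched
        try {
            System.out.println("OK, HTTP " + c.getResponseCode());
        } catch (IOException e) {
            Throwable root = e;
            while (root.getCause() != null) root = root.getCause();
            System.out.println("Failed: " + e);
            System.out.println("Root cause: " + root);
        }
        if (tm.seen != null) { // certificate the server chose to present
            X509Certificate leaf = tm.seen[0];
            System.out.println("Subject: " + leaf.getSubjectX500Principal());
            System.out.println("SANs: " + leaf.getSubjectAlternativeNames());
        }
    }
}
```

On Java 7 and later, running it with `-Djsse.enableSNIExtension=false` makes the client omit the SNI extension, which reproduces the pre-Java-7 behaviour the answer describes against a server that selects its certificate by SNI.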
