@Override public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException { certificateChecker.checkClient(chain, authType, engine, delegate); }
@Override public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException { // The Netty client we use for the internal client does not provide an option to disable the standard hostname // validation. When using custom certificate checks, we want to allow that option, so we change the endpoint // identification algorithm here. This is not needed for the server-side, since the Jetty server does provide // an option for enabling/disabling standard hostname validation. if (!validateServerHostnames) { SSLParameters params = engine.getSSLParameters(); params.setEndpointIdentificationAlgorithm(null); engine.setSSLParameters(params); } certificateChecker.checkServer(chain, authType, engine, delegate); } }