public SSLParameters enableHostNameVerification(SSLParameters sslParameters) { sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); return sslParameters; }
public void setEndpointIdentificationAlgorithm(final String algorithm) { delegate.setEndpointIdentificationAlgorithm(algorithm); }
public SSLParameters enableHostNameVerification(SSLParameters sslParameters) { sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); return sslParameters; }
/** * Enable HTTP endpoint verification on the given SSL parameters. * * @param sslParameters The original SSL parameters */ public static void enableHostNameVerification(final SSLParameters sslParameters) { sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); }
private SSLEngine createSslEngine(SSLContext sslContext, String peerHost, int peerPort) { SSLEngine sslEngine = sslContext.createSSLEngine(peerHost, peerPort); if (cipherSuites != null) sslEngine.setEnabledCipherSuites(cipherSuites); if (enabledProtocols != null) sslEngine.setEnabledProtocols(enabledProtocols); // SSLParameters#setEndpointIdentificationAlgorithm enables endpoint validation // only in client mode. Hence, validation is enabled only for clients. if (mode == Mode.SERVER) { sslEngine.setUseClientMode(false); if (needClientAuth) sslEngine.setNeedClientAuth(needClientAuth); else sslEngine.setWantClientAuth(wantClientAuth); } else { sslEngine.setUseClientMode(true); SSLParameters sslParams = sslEngine.getSSLParameters(); sslParams.setEndpointIdentificationAlgorithm(endpointIdentification); sslEngine.setSSLParameters(sslParams); } return sslEngine; }
protected void configureSslEngine(SSLEngine sslEngine, AsyncHttpClientConfig config) { sslEngine.setUseClientMode(true); if (!config.isDisableHttpsEndpointIdentificationAlgorithm()) { SSLParameters params = sslEngine.getSSLParameters(); params.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(params); } } }
private static TSocket getSSLSocketWithHttps(TSocket tSSLSocket) throws TTransportException { SSLSocket sslSocket = (SSLSocket) tSSLSocket.getSocket(); SSLParameters sslParams = sslSocket.getSSLParameters(); sslParams.setEndpointIdentificationAlgorithm("HTTPS"); sslSocket.setSSLParameters(sslParams); return new TSocket(sslSocket); } }
private static TSocket getSSLSocketWithHttps(TSocket tSSLSocket) throws TTransportException { SSLSocket sslSocket = (SSLSocket) tSSLSocket.getSocket(); SSLParameters sslParams = sslSocket.getSSLParameters(); sslParams.setEndpointIdentificationAlgorithm("HTTPS"); sslSocket.setSSLParameters(sslParams); return new TSocket(sslSocket); }
sslParameters.setEndpointIdentificationAlgorithm(endpointIdentificationAlgorithm); engine.setSSLParameters(sslParameters);
@Override public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException { // The Netty client we use for the internal client does not provide an option to disable the standard hostname // validation. When using custom certificate checks, we want to allow that option, so we change the endpoint // identification algorithm here. This is not needed for the server-side, since the Jetty server does provide // an option for enabling/disabling standard hostname validation. if (!validateServerHostnames) { SSLParameters params = engine.getSSLParameters(); params.setEndpointIdentificationAlgorithm(null); engine.setSSLParameters(params); } certificateChecker.checkServer(chain, authType, engine, delegate); } }
sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(sslParameters);
/** * Apply modifications to engine to enable hostname verification (client side only) * * @param sslEngine the engine used for handling TLS. Will be mutated by this method * @return the updated sslEngine that allows client side hostname verification */ @Override public SSLEngine apply( SSLEngine sslEngine ) { SSLParameters sslParameters = sslEngine.getSSLParameters(); sslParameters.setEndpointIdentificationAlgorithm( VerificationAlgorithm.HTTPS.getValue() ); sslEngine.setSSLParameters( sslParameters ); return sslEngine; }
sslParams.setEndpointIdentificationAlgorithm("HTTPS"); ((SSLServerSocket)this.serverSocket).setSSLParameters(sslParams);
/** * Configures the specified {@link SslHandler} with common settings. */ private static SslHandler configureSslHandler(SslHandler sslHandler) { // Set endpoint identification algorithm so that JDK's default X509TrustManager implementation // performs host name checks. Without this, the X509TrustManager implementation will never raise // a CertificateException even if the domain name or IP address mismatches. final SSLEngine engine = sslHandler.engine(); final SSLParameters params = engine.getSSLParameters(); params.setEndpointIdentificationAlgorithm("HTTPS"); engine.setSSLParameters(params); return sslHandler; }
@Override public SSLEngine serverSslEngine(String peerHost, int peerPort) { try { SSLEngine sslEngine = upstreamServerSslContext.get().newEngine(ByteBufAllocator.DEFAULT, peerHost, peerPort); // support SNI by setting the endpoint identification algorithm. this requires Java 7+. SSLParameters sslParams = new SSLParameters(); if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) { sslParams.setEndpointIdentificationAlgorithm("HTTPS"); } sslEngine.setSSLParameters(sslParams); return sslEngine; } catch (RuntimeException e) { throw new MitmException("Error creating SSLEngine for connection to upstream server: " + peerHost + ":" + peerPort, e); } }
@Override protected TestSslTransportLayer newTransportLayer(String id, SelectionKey key, SSLEngine sslEngine) throws IOException { SSLParameters sslParams = sslEngine.getSSLParameters(); sslParams.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(sslParams); return super.newTransportLayer(id, key, sslEngine); } };
sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(sslParameters); sslEngine.setUseClientMode(true);
@Override public final synchronized SSLParameters getSSLParameters() { SSLParameters sslParameters = super.getSSLParameters(); int version = PlatformDependent.javaVersion(); if (version >= 7) { sslParameters.setEndpointIdentificationAlgorithm(endPointIdentificationAlgorithm); Java7SslParametersUtils.setAlgorithmConstraints(sslParameters, algorithmConstraints); if (version >= 8) { if (sniHostNames != null) { Java8SslUtils.setSniHostNames(sslParameters, sniHostNames); } if (!isDestroyed()) { Java8SslUtils.setUseCipherSuitesOrder( sslParameters, (SSL.getOptions(ssl) & SSL.SSL_OP_CIPHER_SERVER_PREFERENCE) != 0); } Java8SslUtils.setSNIMatchers(sslParameters, matchers); } } return sslParameters; }
@Override public final synchronized SSLParameters getSSLParameters() { SSLParameters sslParameters = super.getSSLParameters(); int version = PlatformDependent.javaVersion(); if (version >= 7) { sslParameters.setEndpointIdentificationAlgorithm(endPointIdentificationAlgorithm); Java7SslParametersUtils.setAlgorithmConstraints(sslParameters, algorithmConstraints); if (version >= 8) { if (sniHostNames != null) { Java8SslUtils.setSniHostNames(sslParameters, sniHostNames); } if (!isDestroyed()) { Java8SslUtils.setUseCipherSuitesOrder( sslParameters, (SSL.getOptions(ssl) & SSL.SSL_OP_CIPHER_SERVER_PREFERENCE) != 0); } Java8SslUtils.setSNIMatchers(sslParameters, matchers); } } return sslParameters; }
private SSLParameters redefine(SSLParameters original, String[] supportedCipherSuites, String[] supportedProtocols) { final SSLParameters params = new SSLParameters(); configure(params, protocolSelector.evaluate(supportedProtocols), cipherSuiteSelector.evaluate(supportedCipherSuites)); // copy all other parameters over params.setServerNames(original.getServerNames()); params.setSNIMatchers(original.getSNIMatchers()); params.setAlgorithmConstraints(original.getAlgorithmConstraints()); params.setEndpointIdentificationAlgorithm(original.getEndpointIdentificationAlgorithm()); return params; }