Re: [jetty-dev] How to disable hostname validation on jetty embedded server 9.x version

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-dev] How to disable hostname validation on jetty embedded server 9.x version

Joakim Erdfelt-8
Server doesn't do that, the client does.

Joakim Erdfelt / [hidden email]

On Wed, May 16, 2018 at 5:43 AM, Luis Morales Alcala <[hidden email]> wrote:


Dear All,

Can someone help me with this problem?

















De: Luis Morales Alcala
Enviado: miércoles, 9 de mayo de 2018 16:38
Para: [hidden email]; [hidden email]
Asunto: How to disable hostname validation on jetty embedded server 9.x version
 

Dear all
Currently I have a Verison 9.3.x Embedded Jetty server working perfectly offering websockets communications through port 8080 and through 8443 for secure communications.
I need to disable the validation of the hostname as well as the certificates but I can not disable it.

I am using the method setTrustAll and setEndpointIdentificationAlgorithm(null) but the hostname verification is still activated.
sslContextFactory.setTrustAll(true);
sslContextFactory.setEndpointIdentificationAlgorithm(null);
How can avoid it?

Best regards


_______________________________________________
jetty-dev mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev


_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-dev] How to disable hostname validation on jetty embedded server 9.x version

Joakim Erdfelt-8
Hostname verification of the types you are asking about is a client side verification of the server certificate.

The server doesn't do anything more then give that server certificate to the client and the client verifies it.

You either fix this issue on the client side to not pay attention to the certificate hostname, or change the certificate on the server side to give the client the right hostname.

Joakim Erdfelt / [hidden email]

On Wed, May 16, 2018 at 5:47 AM, Luis Morales Alcala <[hidden email]> wrote:

Hi Joakim

I have read a lot about this and on version 9.x the hostname verification is enabled by default in the server.

I need to disable this verification in the server but the method  setEndpointIdentificationAlgorithm is not working well.


SslContextFactory.setEndpointIdentificationAlgorithm(null);




De: [hidden email] <[hidden email]> en nombre de Joakim Erdfelt <[hidden email]>
Enviado: miércoles, 16 de mayo de 2018 12:44
Para: Jetty @ Eclipse developer discussion list
Cc: [hidden email]
Asunto: Re: [jetty-users] [jetty-dev] How to disable hostname validation on jetty embedded server 9.x version
 
Server doesn't do that, the client does.

Joakim Erdfelt / [hidden email]

On Wed, May 16, 2018 at 5:43 AM, Luis Morales Alcala <[hidden email]> wrote:


Dear All,

Can someone help me with this problem?

















De: Luis Morales Alcala
Enviado: miércoles, 9 de mayo de 2018 16:38
Para: [hidden email]; [hidden email]
Asunto: How to disable hostname validation on jetty embedded server 9.x version
 

Dear all
Currently I have a Verison 9.3.x Embedded Jetty server working perfectly offering websockets communications through port 8080 and through 8443 for secure communications.
I need to disable the validation of the hostname as well as the certificates but I can not disable it.

I am using the method setTrustAll and setEndpointIdentificationAlgorithm(null) but the hostname verification is still activated.
sslContextFactory.setTrustAll(true);
sslContextFactory.setEndpointIdentificationAlgorithm(null);
How can avoid it?

Best regards


_______________________________________________
jetty-dev mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev


_______________________________________________
jetty-dev mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev


_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users