apache httpclient 4.4: HostnameVerifier transition from 4.3.x

Question

HttpClient 4.3 had three static variables in org.apache.http.conn.ssl.SSLConnectionSocketFactory:

1. STRICT_HOSTNAME_VERIFIER
2. BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
3. ALLOW_ALL__HOSTNAME_VERIFIER

When upgrading the dependency to version 4.4 of HttpClient, I see that all the above constants are deprecated. The deprecation note in JavaDoc mentioned to use org.apache.http.conn.ssl.DefaultHostnameVerifier. Reading the docs, I assume that DefaultHostnameVerifier is a direct replacement to STRICT_HOSTNAME_VERIFIER. Also the ALLOW_ALL__HOSTNAME_VERIFIER is easy to implement:

package org.wiztools.restclient.http;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

/**
 *
 * @author subwiz
 */
public class AllowAllHostnameVerifier implements HostnameVerifier {

    @Override
    public boolean verify(String string, SSLSession ssls) {
        return true;
    }

}

There is a subtle distinction between the STRICT_HOSTNAME_VERIFIER and BROWSER_COMPATIBLE_HOSTNAME_VERIFIER (from JavaDoc):

The only difference between BROWSER_COMPATIBLE and STRICT is that a wildcard (such as "*.foo.com") with BROWSER_COMPATIBLE matches all subdomains, including "a.b.foo.com".

Do we have a readily available BROWSER_COMPATIBLE hostname verifier for httpclient 4.4?

Answer 1

Actually, the javadoc of AllowAllHostnameVerifier gives a direct replacement for ALLOW_ALL__HOSTNAME_VERIFIER, which is NoopHostnameVerifier .