Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

apache httpclient 4.4: HostnameVerifier transition from 4.3.x

HttpClient 4.3 had three static variables in org.apache.http.conn.ssl.SSLConnectionSocketFactory:

  1. STRICT_HOSTNAME_VERIFIER
  2. BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
  3. ALLOW_ALL__HOSTNAME_VERIFIER

When upgrading the dependency to version 4.4 of HttpClient, I see that all the above constants are deprecated. The deprecation note in JavaDoc mentioned to use org.apache.http.conn.ssl.DefaultHostnameVerifier. Reading the docs, I assume that DefaultHostnameVerifier is a direct replacement to STRICT_HOSTNAME_VERIFIER. Also the ALLOW_ALL__HOSTNAME_VERIFIER is easy to implement:

package org.wiztools.restclient.http;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

/**
 *
 * @author subwiz
 */
public class AllowAllHostnameVerifier implements HostnameVerifier {

    @Override
    public boolean verify(String string, SSLSession ssls) {
        return true;
    }

}

There is a subtle distinction between the STRICT_HOSTNAME_VERIFIER and BROWSER_COMPATIBLE_HOSTNAME_VERIFIER (from JavaDoc):

The only difference between BROWSER_COMPATIBLE and STRICT is that a wildcard (such as "*.foo.com") with BROWSER_COMPATIBLE matches all subdomains, including "a.b.foo.com".

Do we have a readily available BROWSER_COMPATIBLE hostname verifier for httpclient 4.4?

like image 967
Subhash Chandran Avatar asked Mar 23 '15 10:03

Subhash Chandran


1 Answers

Actually, the javadoc of AllowAllHostnameVerifier gives a direct replacement for ALLOW_ALL__HOSTNAME_VERIFIER, which is NoopHostnameVerifier .

like image 85
lvaills Avatar answered Sep 28 '22 20:09

lvaills