turn off hostname verification

[Lee Breisacher <LB...@seagullsoftware.com>]

It appears that the default hostname verification in 4.1 is BROWSER_COMPATIBLE, whereas the default in 3.x was ALLOW_ALL. Is that correct?

What is the easiest way for a simple 4.1 client to turn off hostname verification?

Thanks,

Lee

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

RE: turn off hostname verification

[Oleg Kalnichevski <ol...@apache.org>]

On Sun, 2010-05-30 at 21:46 +0000, Lee Breisacher wrote:
> Yes, I read that piece of the tutorial, but I have a bare-bones simple client:
> 
> HttpClient httpclient = new DefaultHttpClient();
> HttpGet httpget = new HttpGet("https://www.xyz.com/...");
> HttpResponse response = httpclient.execute(httpget);
> HttpEntity entity = response.getEntity();
> 
> From the tutorial, it looks like there's no easy way to adjust hostname verification. I must get into details of socket factories and params and sf.connectSocket() and such? It's not obvious how all these pieces fit together.
> 
> Lee
> 

SSLContext sslcontext = SSLContext.getInstance("TLS");
sslcontext.init(null, null, null);
SSLSocketFactory sf = new SSLSocketFactory(sslcontext);
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.getConnectionManager().getSchemeRegistry().register(
  new Scheme("https", sf, 443));

Hope this helps

Oleg



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

RE: turn off hostname verification

[Lee Breisacher <LB...@seagullsoftware.com>]

Yes, I read that piece of the tutorial, but I have a bare-bones simple client:

HttpClient httpclient = new DefaultHttpClient();
HttpGet httpget = new HttpGet("https://www.xyz.com/...");
HttpResponse response = httpclient.execute(httpget);
HttpEntity entity = response.getEntity();

From the tutorial, it looks like there's no easy way to adjust hostname verification. I must get into details of socket factories and params and sf.connectSocket() and such? It's not obvious how all these pieces fit together.

Lee

-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org] 
Sent: Sunday, May 30, 2010 1:17 PM
To: HttpClient User Discussion
Subject: Re: turn off hostname verification

On Sat, 2010-05-29 at 12:41 +0000, Lee Breisacher wrote:
> It appears that the default hostname verification in 4.1 is BROWSER_COMPATIBLE, whereas the default in 3.x was ALLOW_ALL. Is that correct?
> 

This is correct.

> What is the easiest way for a simple 4.1 client to turn off hostname verification?
> 

You should configure the SSLSocketFactory with
ALLOW_ALL_HOSTNAME_VERIFIER as described here:

http://hc.apache.org/httpcomponents-client-4.0.1/tutorial/html/connmgmt.html#d4e506

Hope this helps

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

Re: turn off hostname verification

[Oleg Kalnichevski <ol...@apache.org>]

On Sat, 2010-05-29 at 12:41 +0000, Lee Breisacher wrote:
> It appears that the default hostname verification in 4.1 is BROWSER_COMPATIBLE, whereas the default in 3.x was ALLOW_ALL. Is that correct?
> 

This is correct.

> What is the easiest way for a simple 4.1 client to turn off hostname verification?
> 

You should configure the SSLSocketFactory with
ALLOW_ALL_HOSTNAME_VERIFIER as described here:

http://hc.apache.org/httpcomponents-client-4.0.1/tutorial/html/connmgmt.html#d4e506

Hope this helps

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org