You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Lee Breisacher <LB...@seagullsoftware.com> on 2010/05/29 14:41:09 UTC
turn off hostname verification
It appears that the default hostname verification in 4.1 is BROWSER_COMPATIBLE, whereas the default in 3.x was ALLOW_ALL. Is that correct?
What is the easiest way for a simple 4.1 client to turn off hostname verification?
Thanks,
Lee
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
RE: turn off hostname verification
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Sun, 2010-05-30 at 21:46 +0000, Lee Breisacher wrote:
> Yes, I read that piece of the tutorial, but I have a bare-bones simple client:
>
> HttpClient httpclient = new DefaultHttpClient();
> HttpGet httpget = new HttpGet("https://www.xyz.com/...");
> HttpResponse response = httpclient.execute(httpget);
> HttpEntity entity = response.getEntity();
>
> From the tutorial, it looks like there's no easy way to adjust hostname verification. I must get into details of socket factories and params and sf.connectSocket() and such? It's not obvious how all these pieces fit together.
>
> Lee
>
SSLContext sslcontext = SSLContext.getInstance("TLS");
sslcontext.init(null, null, null);
SSLSocketFactory sf = new SSLSocketFactory(sslcontext);
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.getConnectionManager().getSchemeRegistry().register(
new Scheme("https", sf, 443));
Hope this helps
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
RE: turn off hostname verification
Posted by Lee Breisacher <LB...@seagullsoftware.com>.
Yes, I read that piece of the tutorial, but I have a bare-bones simple client:
HttpClient httpclient = new DefaultHttpClient();
HttpGet httpget = new HttpGet("https://www.xyz.com/...");
HttpResponse response = httpclient.execute(httpget);
HttpEntity entity = response.getEntity();
From the tutorial, it looks like there's no easy way to adjust hostname verification. I must get into details of socket factories and params and sf.connectSocket() and such? It's not obvious how all these pieces fit together.
Lee
-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org]
Sent: Sunday, May 30, 2010 1:17 PM
To: HttpClient User Discussion
Subject: Re: turn off hostname verification
On Sat, 2010-05-29 at 12:41 +0000, Lee Breisacher wrote:
> It appears that the default hostname verification in 4.1 is BROWSER_COMPATIBLE, whereas the default in 3.x was ALLOW_ALL. Is that correct?
>
This is correct.
> What is the easiest way for a simple 4.1 client to turn off hostname verification?
>
You should configure the SSLSocketFactory with
ALLOW_ALL_HOSTNAME_VERIFIER as described here:
http://hc.apache.org/httpcomponents-client-4.0.1/tutorial/html/connmgmt.html#d4e506
Hope this helps
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: turn off hostname verification
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Sat, 2010-05-29 at 12:41 +0000, Lee Breisacher wrote:
> It appears that the default hostname verification in 4.1 is BROWSER_COMPATIBLE, whereas the default in 3.x was ALLOW_ALL. Is that correct?
>
This is correct.
> What is the easiest way for a simple 4.1 client to turn off hostname verification?
>
You should configure the SSLSocketFactory with
ALLOW_ALL_HOSTNAME_VERIFIER as described here:
http://hc.apache.org/httpcomponents-client-4.0.1/tutorial/html/connmgmt.html#d4e506
Hope this helps
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org