HttpClientPolicy setHost and disableCNCheck

[NareshMamidi <r....@gmail.com>]

Hi,

We use Apache CXF as a webservice client (Wsdl2java) and I am trying to
understand the HTTPClientPolicy setHost usage for HTTPS communication. We
have DNS mappings locally done in the hosts file and dont want hosts file
misconfiguration to affect the application. For this reason we have used
setHost and make an https call using one-way SSL(Client doesn't send any
certs). The X509 cert at the webservice endpoint has the CN with its
hostname.

The call to service fails saying that the CNCheck should be disabled at the
client. I am assuming that the connection made through HTTPConduit doesn't
use the HOST setting and the HTTPUrlConnection opened always connects by the
IP mentioned in the BindingProvider configuration.

http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java?view=markup

As prepare method call suggests cxf doesn't use the host setting to open the
connection.

Is there any chance to consider this requirement or has another workaround?

Thanks,
Naresh



--
View this message in context: http://cxf.547215.n5.nabble.com/HttpClientPolicy-setHost-and-disableCNCheck-tp4840875p4840875.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: HttpClientPolicy setHost and disableCNCheck

[Naresh Mamidi <r....@gmail.com>]

Just to rephrase the question, is it possible to use setHost configuration to
change the IP in binding provider to hostname (DNS name) before making a
call through CXF client?

--
View this message in context: http://cxf.547215.n5.nabble.com/HttpClientPolicy-setHost-and-disableCNCheck-tp4840875p4844841.html
Sent from the cxf-user mailing list archive at Nabble.com.