cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Ribble (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-6761) JAX-RS ClientImpl does not set TLSClientParameters on HTTPConduit when only HostnameVerifier is configured
Date Wed, 27 Jan 2016 00:51:39 GMT
Chris Ribble created CXF-6761:
---------------------------------

             Summary: JAX-RS ClientImpl does not set TLSClientParameters on HTTPConduit when
only HostnameVerifier is configured
                 Key: CXF-6761
                 URL: https://issues.apache.org/jira/browse/CXF-6761
             Project: CXF
          Issue Type: Bug
          Components: JAX-RS
    Affects Versions: 3.1.4
            Reporter: Chris Ribble
            Priority: Minor


org.apache.cxf.jaxrs.client.spec.ClientImpl only copies the TLSClientParameters configured
by ClientBuilder.newBuilder().hostnameVerifier(HostnameVerifier) if an SSLSocketFactory or
TrustManagers are configured.

This makes it impossible to use a custom HostnameVerifier without also declaring a custom
SSLSocketFactory or TrustManagers.

Snip of incorrect code from rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java,
line 282
{code}
            // TLS
            TLSClientParameters tlsParams = secConfig.getTlsClientParams();
            if (tlsParams.getSSLSocketFactory() != null 
                || tlsParams.getTrustManagers() != null) {
                clientCfg.getHttpConduit().setTlsClientParameters(tlsParams);
            }
{code}

Proposed replacement:

{code}
            // TLS
            TLSClientParameters tlsParams = secConfig.getTlsClientParams();
            if (tlsParams.getSSLSocketFactory() != null 
                || tlsParams.getTrustManagers() != null
                || tlsParams.getHostnameVerifier() != null) {
                clientCfg.getHttpConduit().setTlsClientParameters(tlsParams);
            }
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message