hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mikhail Golubev (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1449) X509HostnameVerifier API is too restrictive
Date Tue, 21 Jan 2014 13:31:19 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13877458#comment-13877458

Mikhail Golubev commented on HTTPCLIENT-1449:

Hi, Oleg.

Well, you're right and it's actually boils down to necessity to duplicate these parts of {{AbstractVerifier}},
which, I believe, could be avoided.  I personally look after that the latest stable version
of httpclient is used in our codebase, so fixing it only in 4.4 is not a big deal.

Thanks for your attention to this tiny issue.

> X509HostnameVerifier API is too restrictive
> -------------------------------------------
>                 Key: HTTPCLIENT-1449
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1449
>             Project: HttpComponents HttpClient
>          Issue Type: Wish
>    Affects Versions: 4.3.1
>            Reporter: Mikhail Golubev
>            Priority: Minor
>             Fix For: 4.4 Alpha1
> I want to customize hostname verification process by creating custom X509HostnameVerifier,
which first try to use BrowserCompatHostnameVerifier strategy to check hostname and then,
if it fails, asks user directly, whether such certificate can be accepted. As I understand,
this verifier then can be supplied to e.g. HttpClientBuilder#setHostnameVerifier.
> But how should I achieve this? I can't extend BrowserCompatHostnameVerifier, because
all its methods is final or package-private. Extending AbstractVerifier also makes no sense,
because its only overridable method  is verify(String, String[], String[]) and it gives me
no access to certificate itself, which I need for user dialog. On the other hand, method verify(String
host, X509Certificate cert) is the perfect extension point for me, but it's declared final.
I really don't like to implement X509HostnameVerifier and then copy half of the AbstractVerifier
in it. May be I'm missing some other way to intercept hostname verification?

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message