Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 990561059E for ; Mon, 20 Jan 2014 16:30:21 +0000 (UTC) Received: (qmail 55906 invoked by uid 500); 20 Jan 2014 16:30:20 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 55845 invoked by uid 500); 20 Jan 2014 16:30:20 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 55833 invoked by uid 99); 20 Jan 2014 16:30:19 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 20 Jan 2014 16:30:19 +0000 Date: Mon, 20 Jan 2014 16:30:19 +0000 (UTC) From: "Oleg Kalnichevski (JIRA)" To: dev@hc.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HTTPCLIENT-1449) X509HostnameVerifier API is too restrictive MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HTTPCLIENT-1449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13876557#comment-13876557 ] Oleg Kalnichevski commented on HTTPCLIENT-1449: ----------------------------------------------- If I understand it correctly the problem boils down to having to duplicate X509Certificate retrieval code? I am perfectly fine with making all these methods non-final, but I would prefer to make this change in 4.4 only and have it go through alpha / beta review process. You would still end up stuck with the same problem as long as you want your application to depend on stable 4.3 release series. Oleg > X509HostnameVerifier API is too restrictive > ------------------------------------------- > > Key: HTTPCLIENT-1449 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1449 > Project: HttpComponents HttpClient > Issue Type: Bug > Affects Versions: 4.3.1 > Reporter: Mikhail Golubev > Priority: Minor > > I want to customize hostname verification process by creating custom X509HostnameVerifier, which first try to use BrowserCompatHostnameVerifier strategy to check hostname and then, if it fails, asks user directly, whether such certificate can be accepted. As I understand, this verifier then can be supplied to e.g. HttpClientBuilder#setHostnameVerifier. > But how should I achieve this? I can't extend BrowserCompatHostnameVerifier, because all its methods is final or package-private. Extending AbstractVerifier also makes no sense, because its only overridable method is verify(String, String[], String[]) and it gives me no access to certificate itself, which I need for user dialog. On the other hand, method verify(String host, X509Certificate cert) is the perfect extension point for me, but it's declared final. I really don't like to implement X509HostnameVerifier and then copy half of the AbstractVerifier in it. May be I'm missing some other way to intercept hostname verification? -- This message was sent by Atlassian JIRA (v6.1.5#6160) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org