From 4d8e374ae6f1e09dacd3087f25a80d9711324afe Mon Sep 17 00:00:00 2001
From: Arturo Bernal <abernal@apache.org>
Date: Fri, 6 Jun 2025 20:44:03 +0200
Subject: [PATCH] Adjust default behavior to match intended logic

---
 .../http/impl/async/HttpAsyncClientBuilder.java     | 11 +++++++++++
 .../http/impl/classic/HttpClientBuilder.java        | 13 +++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClientBuilder.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClientBuilder.java
index bb73238e45..268c182adb 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClientBuilder.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClientBuilder.java
@@ -38,6 +38,8 @@
 import java.util.concurrent.ThreadFactory;
 import java.util.function.Function;
 
+import javax.net.ssl.HostnameVerifier;
+
 import org.apache.hc.client5.http.AuthenticationStrategy;
 import org.apache.hc.client5.http.ConnectionKeepAliveStrategy;
 import org.apache.hc.client5.http.HttpRequestRetryStrategy;
@@ -82,6 +84,8 @@
 import org.apache.hc.client5.http.protocol.RequestValidateTrace;
 import org.apache.hc.client5.http.protocol.ResponseProcessCookies;
 import org.apache.hc.client5.http.routing.HttpRoutePlanner;
+import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
+import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
 import org.apache.hc.core5.annotation.Internal;
 import org.apache.hc.core5.concurrent.DefaultThreadFactory;
 import org.apache.hc.core5.function.Callback;
@@ -97,6 +101,7 @@
 import org.apache.hc.core5.http.config.NamedElementChain;
 import org.apache.hc.core5.http.config.RegistryBuilder;
 import org.apache.hc.core5.http.nio.command.ShutdownCommand;
+import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
 import org.apache.hc.core5.http.protocol.DefaultHttpProcessor;
 import org.apache.hc.core5.http.protocol.HttpContext;
 import org.apache.hc.core5.http.protocol.HttpProcessor;
@@ -882,6 +887,12 @@ public CloseableHttpAsyncClient build() {
         AsyncClientConnectionManager connManagerCopy = this.connManager;
         if (connManagerCopy == null) {
             final PoolingAsyncClientConnectionManagerBuilder connectionManagerBuilder = PoolingAsyncClientConnectionManagerBuilder.create();
+            if (cookieManagementDisabled) {
+                final HostnameVerifier lightVerifier = new DefaultHostnameVerifier(null);
+                final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
+                        .setHostnameVerifier(lightVerifier).buildAsync();
+                connectionManagerBuilder.setTlsStrategy(tlsStrategy);
+            }
             if (systemProperties) {
                 connectionManagerBuilder.useSystemProperties();
             }
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/HttpClientBuilder.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/HttpClientBuilder.java
index 406ffd0f80..8d6c981666 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/HttpClientBuilder.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/HttpClientBuilder.java
@@ -39,6 +39,8 @@
 import java.util.Map;
 import java.util.function.Function;
 
+import javax.net.ssl.HostnameVerifier;
+
 import org.apache.hc.client5.http.AuthenticationStrategy;
 import org.apache.hc.client5.http.ConnectionKeepAliveStrategy;
 import org.apache.hc.client5.http.HttpRequestRetryStrategy;
@@ -86,6 +88,9 @@
 import org.apache.hc.client5.http.protocol.RequestValidateTrace;
 import org.apache.hc.client5.http.protocol.ResponseProcessCookies;
 import org.apache.hc.client5.http.routing.HttpRoutePlanner;
+import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
+import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
+import org.apache.hc.client5.http.ssl.TlsSocketStrategy;
 import org.apache.hc.core5.annotation.Internal;
 import org.apache.hc.core5.http.ConnectionReuseStrategy;
 import org.apache.hc.core5.http.Header;
@@ -844,6 +849,14 @@ public CloseableHttpClient build() {
         HttpClientConnectionManager connManagerCopy = this.connManager;
         if (connManagerCopy == null) {
             final PoolingHttpClientConnectionManagerBuilder connectionManagerBuilder = PoolingHttpClientConnectionManagerBuilder.create();
+            if (cookieManagementDisabled) {
+                final HostnameVerifier lightVerifier = new DefaultHostnameVerifier(null);
+                final TlsSocketStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
+                        .setHostnameVerifier(lightVerifier)
+                        .buildClassic();
+
+                connectionManagerBuilder.setTlsSocketStrategy(tlsStrategy);
+            }
             if (systemProperties) {
                 connectionManagerBuilder.useSystemProperties();
             }