diff --git a/httpclient5-testing/src/test/java/org/apache/hc/client5/testing/sync/TestTlsHandshakeTimeout.java b/httpclient5-testing/src/test/java/org/apache/hc/client5/testing/sync/TestTlsHandshakeTimeout.java
index 9fde43e11b..c15d9e0cef 100644
--- a/httpclient5-testing/src/test/java/org/apache/hc/client5/testing/sync/TestTlsHandshakeTimeout.java
+++ b/httpclient5-testing/src/test/java/org/apache/hc/client5/testing/sync/TestTlsHandshakeTimeout.java
@@ -37,6 +37,8 @@
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
+import org.apache.hc.client5.http.ssl.HostnameVerificationPolicy;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
 import org.apache.hc.client5.testing.SSLTestContexts;
 import org.apache.hc.client5.testing.tls.TlsHandshakeTimeoutServer;
 import org.apache.hc.core5.http.ClassicHttpRequest;
@@ -69,7 +71,7 @@ void testTimeout(final boolean sendServerHello) throws Exception {
 .setConnectTimeout(5, SECONDS)
 .setSocketTimeout(5, SECONDS)
 .build())
- .setTlsSocketStrategy(new DefaultClientTlsStrategy(SSLTestContexts.createClientSSLContext()))
+ .setTlsSocketStrategy(new DefaultClientTlsStrategy(SSLTestContexts.createClientSSLContext(), HostnameVerificationPolicy.CLIENT, NoopHostnameVerifier.INSTANCE))
 .setDefaultTlsConfig(TlsConfig.custom()
 .setHandshakeTimeout(EXPECTED_TIMEOUT.toMillis(), MILLISECONDS)
 .build())
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/AbstractClientTlsStrategy.java b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/AbstractClientTlsStrategy.java
index e4f6481f6e..1f9534a559 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/AbstractClientTlsStrategy.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/AbstractClientTlsStrategy.java
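Review bot: The `NoopHostnameVerifier.INSTANCE` argument added in testTimeout, combined with `HostnameVerificationPolicy.CLIENT`, turns hostname verification off without a comment saying why, and test set-up like this tends to be copied into application code. A line above `.setTlsSocketStrategy(...)` such as `// Hostname verification is disabled on purpose: this test only exercises the TLS handshake timeout` would make the intent explicit. The builder chain starts and ends outside the hunk.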
@@ -97,9 +97,9 @@ abstract class AbstractClientTlsStrategy implements TlsStrategy, TlsSocketStrate this.supportedProtocols = supportedProtocols; this.supportedCipherSuites = supportedCipherSuites; this.sslBufferManagement = sslBufferManagement != null ? sslBufferManagement : SSLBufferMode.STATIC; - this.hostnameVerificationPolicy = hostnameVerificationPolicy != null ? hostnameVerificationPolicy : HostnameVerificationPolicy.BOTH; - this.hostnameVerifier = hostnameVerifier != null ? hostnameVerifier : - (this.hostnameVerificationPolicy == HostnameVerificationPolicy.BUILTIN ? NoopHostnameVerifier.INSTANCE : HttpsSupport.getDefaultHostnameVerifier()); + this.hostnameVerificationPolicy = hostnameVerificationPolicy != null ? hostnameVerificationPolicy : + (hostnameVerifier != null ? HostnameVerificationPolicy.BOTH : HostnameVerificationPolicy.BUILTIN); + this.hostnameVerifier = hostnameVerifier; } /** diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ClientTlsStrategyBuilder.java b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ClientTlsStrategyBuilder.java index c73ee0b193..3f54b8e570 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ClientTlsStrategyBuilder.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ClientTlsStrategyBuilder.java 
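Review bot: With `this.hostnameVerifier = hostnameVerifier;` the constructor now accepts an explicit `HostnameVerificationPolicy.CLIENT` or `BOTH` together with a null verifier, a combination the removed lines filled with `HttpsSupport.getDefaultHostnameVerifier()`. The code that reads the field is outside the hunk, so either it dereferences null or, if it null-checks, a CLIENT policy would complete the handshake with no hostname check at all. Keeping the fallback for those two policies closes the gap: `this.hostnameVerifier = hostnameVerifier != null ? hostnameVerifier : (this.hostnameVerificationPolicy == HostnameVerificationPolicy.BUILTIN ? null : HttpsSupport.getDefaultHostnameVerifier());`. The same null pass-through appears in `ClientTlsStrategyBuilder.buildImpl()`, where `hostnameVerifier` is now handed over unchanged even when the builder's policy was set to CLIENT or BOTH.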
@@ -226,16 +226,13 @@ private DefaultClientTlsStrategy buildImpl() { } final HostnameVerificationPolicy hostnameVerificationPolicyCopy = hostnameVerificationPolicy != null ? hostnameVerificationPolicy : (hostnameVerifier == null ? HostnameVerificationPolicy.BUILTIN : HostnameVerificationPolicy.BOTH); - final HostnameVerifier hostnameVerifierCopy = hostnameVerifier != null ? hostnameVerifier : - (hostnameVerificationPolicyCopy == HostnameVerificationPolicy.CLIENT || hostnameVerificationPolicyCopy == HostnameVerificationPolicy.BOTH ? - HttpsSupport.getDefaultHostnameVerifier() : NoopHostnameVerifier.INSTANCE); return new DefaultClientTlsStrategy( sslContextCopy, tlsVersionsCopy, ciphersCopy, sslBufferMode != null ? sslBufferMode : SSLBufferMode.STATIC, hostnameVerificationPolicyCopy, - hostnameVerifierCopy); + hostnameVerifier); } } diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ConscryptClientTlsStrategy.java b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ConscryptClientTlsStrategy.java index eb2c5bdaef..089da89b7a 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ConscryptClientTlsStrategy.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ConscryptClientTlsStrategy.java @@ -54,8 +54,8 @@ public class ConscryptClientTlsStrategy extends AbstractClientTlsStrategy { public static TlsStrategy getDefault() { return new ConscryptClientTlsStrategy( SSLContexts.createDefault(), - HostnameVerificationPolicy.BOTH, - HttpsSupport.getDefaultHostnameVerifier()); + HostnameVerificationPolicy.BUILTIN, + null); } public static TlsStrategy getSystemDefault() { @@ -64,8 +64,8 @@ public static TlsStrategy getSystemDefault() { HttpsSupport.getSystemProtocols(), HttpsSupport.getSystemCipherSuits(), SSLBufferMode.STATIC, - HostnameVerificationPolicy.BOTH, - HttpsSupport.getDefaultHostnameVerifier()); + HostnameVerificationPolicy.BUILTIN, + null); } public ConscryptClientTlsStrategy( 
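Review bot: `getDefault()` and `getSystemDefault()` in ConscryptClientTlsStrategy switch from `BOTH` with the library's default verifier to `BUILTIN` with `null`, so hostname checking for the default strategy now rests on the TLS provider's endpoint identification, and neither factory method documents that. A Javadoc sentence on each, stating that hostname verification is delegated to the built-in check and that no HttpClient-level `HostnameVerifier` is configured, would tell callers what they get; the same applies to `DefaultClientTlsStrategy.createDefault()` and `createSystemDefault()` further down. Whether the Conscrypt provider enforces endpoint identification the same way the JDK provider does cannot be seen from this hunk; a test that connects to a server presenting a mismatching certificate would confirm it.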
@@ -107,7 +107,7 @@ public ConscryptClientTlsStrategy( } public ConscryptClientTlsStrategy(final SSLContext sslContext) { - this(sslContext, HttpsSupport.getDefaultHostnameVerifier()); + this(sslContext, null); } @Override diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultClientTlsStrategy.java b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultClientTlsStrategy.java index 7a74db5c4f..7a4af5c3e7 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultClientTlsStrategy.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultClientTlsStrategy.java @@ -54,8 +54,8 @@ public class DefaultClientTlsStrategy extends AbstractClientTlsStrategy { public static DefaultClientTlsStrategy createDefault() { return new DefaultClientTlsStrategy( SSLContexts.createDefault(), - HostnameVerificationPolicy.BOTH, - HttpsSupport.getDefaultHostnameVerifier()); + HostnameVerificationPolicy.BUILTIN, + null); } /** @@ -67,8 +67,8 @@ public static DefaultClientTlsStrategy createSystemDefault() { HttpsSupport.getSystemProtocols(), HttpsSupport.getSystemCipherSuits(), SSLBufferMode.STATIC, - HostnameVerificationPolicy.BOTH, - HttpsSupport.getDefaultHostnameVerifier()); + HostnameVerificationPolicy.BUILTIN, + null); } /** @@ -127,7 +127,7 @@ public DefaultClientTlsStrategy( final String[] supportedCipherSuites, final SSLBufferMode sslBufferManagement, final HostnameVerifier hostnameVerifier) { - this(sslContext, supportedProtocols, supportedCipherSuites, sslBufferManagement, HostnameVerificationPolicy.CLIENT, hostnameVerifier); + this(sslContext, supportedProtocols, supportedCipherSuites, sslBufferManagement, null, hostnameVerifier); } public DefaultClientTlsStrategy( @@ -147,7 +147,7 @@ public DefaultClientTlsStrategy( } public DefaultClientTlsStrategy(final SSLContext sslContext) { - this(sslContext, HttpsSupport.getDefaultHostnameVerifier()); + this(sslContext, null); } @Override
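Review bot: `this(sslContext, null)` in `ConscryptClientTlsStrategy(SSLContext)` depends on the policy that the delegated constructors pass on, and those are outside the hunk. In `DefaultClientTlsStrategy` this commit changes the matching five-argument overload from `HostnameVerificationPolicy.CLIENT` to `null` so the base class can pick `BUILTIN` for a null verifier, but no equivalent change to `ConscryptClientTlsStrategy` is visible here. If that overload still passes `CLIENT`, this constructor ends up with a CLIENT policy and no verifier; it should then pass `null` for the policy as well.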
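Review bot: Passing `null` instead of `HostnameVerificationPolicy.CLIENT` in the five-argument `DefaultClientTlsStrategy` constructor means a caller-supplied verifier no longer replaces the built-in check but runs in addition to it (the base class selects `BOTH` for a non-null verifier), and nothing on this overload says so. Callers that relied on a lenient custom verifier will now see handshake failures unless they pass `HostnameVerificationPolicy.CLIENT` explicitly, as the updated TestTlsHandshakeTimeout does. A Javadoc sentence such as `When no policy is given, a non-null verifier is applied in addition to the built-in endpoint identification` on this constructor would cover it.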