[ http://jira.jboss.com/jira/browse/JBREM-525?page=comments#action_12346921 ]
Ron Sigal commented on JBREM-525:
---------------------------------
Modified HTTPSClientInvoker to use AnyhostVerifier when (1) no HostnameVerifier has been
specifically configured, (2) IGNORE_HTTPS_HOST has not been set in the configuration or
metadata maps, and (3) authentication has been turned off on the client side.
Automatically set HostnameVerifier in HTTPSClientInvoker to allow all
hosts if authorization is turned off.
-----------------------------------------------------------------------------------------------------------
Key: JBREM-525
URL: http://jira.jboss.com/jira/browse/JBREM-525
Project: JBoss Remoting
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Affects Versions: 2.2.0.Alpha3 (Bluto)
Reporter: Ron Sigal
Assigned To: Ron Sigal
Priority: Minor
Fix For: 2.2.0.Beta1 (Bluto)
Currently, HTTPSClientInvoker will set HostnameVerifier to inner class AnyhostVerifier,
which accepts all host names, if it is configured with
HTTPSClientInvoker.IGNORE_HTTPS_HOST set to "true". It could also check the
values of SSLSocketBuilder.REMOTING_SERVER_AUTH_MODE and
SSLSocketBuilder.REMOTING_CLIENT_AUTH_MODE and use AnyhostVerifier if authorization
is turned off.
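The precedence described in the comment above, sketched as an added example that is not JBoss Remoting's own code. The configuration key strings and the single boolean standing in for the authentication mode are hypothetical; only `javax.net.ssl.HostnameVerifier` is a real API here.

```java
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;

public class VerifierSelection {
    // Hypothetical keys: the real constant values are not given on this page.
    static final String HOSTNAME_VERIFIER_KEY = "example.hostnameVerifier";
    static final String IGNORE_HTTPS_HOST_KEY = "example.ignoreHttpsHost";
    static final String AUTH_OFF_KEY = "example.authenticationOff";

    // Accept-all verifier: the certificate is never matched against the host name.
    static final HostnameVerifier ANY_HOST = (hostname, session) -> true;

    /** Returns the verifier to install, or null to keep the JDK default check. */
    static HostnameVerifier select(Map<String, Object> config) {
        Object explicit = config.get(HOSTNAME_VERIFIER_KEY);
        if (explicit instanceof HostnameVerifier) {
            return (HostnameVerifier) explicit;       // (1) a configured verifier wins
        }
        Object ignore = config.get(IGNORE_HTTPS_HOST_KEY);
        if (ignore != null) {                         // (2) an explicit setting wins next
            return Boolean.parseBoolean(ignore.toString()) ? ANY_HOST : null;
        }
        // (3) only when neither is set does the authentication mode decide
        boolean authOff = Boolean.parseBoolean(String.valueOf(config.get(AUTH_OFF_KEY)));
        return authOff ? ANY_HOST : null;
    }

    static String describe(HostnameVerifier v) {
        if (v == null) return "JDK default (host name checked)";
        return v == ANY_HOST ? "accept-all (host name NOT checked)" : "custom verifier";
    }

    public static void main(String[] args) {
        // Constructed sample configurations.
        Map<String, Object> authOffOnly = new HashMap<>();
        authOffOnly.put(AUTH_OFF_KEY, "true");

        Map<String, Object> authOffButExplicitFalse = new HashMap<>(authOffOnly);
        authOffButExplicitFalse.put(IGNORE_HTTPS_HOST_KEY, "false");

        System.out.println("auth off only:          " + describe(select(authOffOnly)));
        System.out.println("auth off, ignore=false: " + describe(select(authOffButExplicitFalse)));
    }
}
```

With the accept-all verifier in place the TLS session is encrypted but not bound to the intended host, so deployments that rely on this default should log the choice and audit which clients run with authentication turned off.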