From 4ce7d2c1abb9f289f813c9731a05f43a3b99701a Mon Sep 17 00:00:00 2001
From: Idel Pivnitskiy
Date: Wed, 26 Jun 2024 12:20:03 -0700
Subject: [PATCH] `StreamingConnectionFactory` should set hostnameVerificationAlgorithm to an empty string (#2988)

Motivation:

There are cases when default algorithm `HTTPS` can be reset if there are no `sniHostname` and no `peerHost`. See `GrpcSslAndNonSslConnectionsTest` as a reproducer. This flow works well with Netty 4.1, but breaks with Netty 4.2 because Netty uses `HTTPS` by default. If we set it back to `null`, `sun.security.ssl.SSLEngineImpl` ignores it. To disable it later, we should use an empty string.

Modifications:

- Update `StreamingConnectionFactory.withSslConfigPeerHost` to use an empty string instead of `null` when it needs to reset `hostnameVerificationAlgorithm`;

Result:

We can override the previously set endpoint identification algorithm.
---
 .../servicetalk/http/netty/StreamingConnectionFactory.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/servicetalk-http-netty/src/main/java/io/servicetalk/http/netty/StreamingConnectionFactory.java b/servicetalk-http-netty/src/main/java/io/servicetalk/http/netty/StreamingConnectionFactory.java
index d9acd2ae58..effae5b553 100644
--- a/servicetalk-http-netty/src/main/java/io/servicetalk/http/netty/StreamingConnectionFactory.java
+++ b/servicetalk-http-netty/src/main/java/io/servicetalk/http/netty/StreamingConnectionFactory.java
@@ -95,7 +95,8 @@ static ReadOnlyTcpClientConfig withSslConfigPeerHost(Object resolvedRemoteAddres
 if (sniHostname == null) {
 if (peerHost == null) {
 newPeerHost = toHostAddress(inetAddress);
- newSniHostname = hostnameVerificationAlgorithm = null;
+ newSniHostname = null;
+ hostnameVerificationAlgorithm = "";
 } else {
 newPeerHost = peerHost + '-' + toHostAddress(inetAddress);
 // We are overriding the peerHost to make it qualified with the resolved address. If sniHostname is
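Review bot: The bare `""` assigned to `hostnameVerificationAlgorithm` in the `peerHost == null` branch is a magic value, and nothing in the code says it means "endpoint identification explicitly off", as opposed to `null`, which the commit message says `sun.security.ssl.SSLEngineImpl` ignores. The same literal appears in the `else` branch of the second hunk. With neither `sniHostname` nor `peerHost` set, the connection presumably gets no hostname check against the peer certificate, which deserves a note at the point where it is decided. I would add a comment such as `// "" (not null) disables endpoint identification; null is ignored by the engine and leaves the Netty 4.2 default (HTTPS) in place` above the assignment, or hoist the literal into a named constant shared by both branches. The body of `withSslConfigPeerHost` starts and ends outside this hunk.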
@@ -105,7 +106,8 @@ static ReadOnlyTcpClientConfig withSslConfigPeerHost(Object resolvedRemoteAddres
 newSniHostname = peerHost;
 hostnameVerificationAlgorithm = sslConfig.hostnameVerificationAlgorithm();
 } else {
- newSniHostname = hostnameVerificationAlgorithm = null;
+ newSniHostname = null;
+ hostnameVerificationAlgorithm = "";
 }
 }
 } else {
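Review bot: In this `else` branch `peerHost` appears to be non-null, so the caller did name a peer, yet the algorithm is forced to `""` and whatever `sslConfig.hostnameVerificationAlgorithm()` would have returned is discarded without any trace. The condition guarding the branch lies outside the hunk, so this may well be intended, but an operator cannot tell that certificate hostname checking was skipped for such a connection. A debug-level log line when a non-empty configured algorithm is overridden, or at least a comment naming the condition, would make the downgrade visible. No test in this commit pins the `""` value; an assertion on the algorithm carried by the returned config would guard against a later change back to `null`.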