Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable custom host name verifier #4065

Closed
zqmmqz opened this issue Aug 10, 2021 · 3 comments
Closed

Enable custom host name verifier #4065

zqmmqz opened this issue Aug 10, 2021 · 3 comments

Comments

@zqmmqz
Copy link

zqmmqz commented Aug 10, 2021

Describe the feature

NetClientOptions now support specific algorithm for host name verification.
Is it possible to support custom host name similar to the uses of javax.net.ssl.HostnameVerifier?

Use cases

Besides the default verification which compares the common name in the SubjectDN in the SSL server's digital certificate with the host name of the SSL server, one would want to verify other behaviors.

My uses case is that we use a vertx client to talk to a server whose cert's common name isn't a valid host name. So we want to verify one fixed field in the SubjectDN. Currently we disable the host name verification to skip this because vertx asks a specific algorithm for the verification, but our case needs a more complex logic.

@vietj vietj added this to the 4.2.0 milestone Aug 11, 2021
@vietj
Copy link
Member

vietj commented Aug 11, 2021

not sure it is possible (depending on the hooks in Netty for this)

@tsegismont
Copy link
Contributor

This might be useful for the Reactive MSSQL Client too: when a server redirects the client to another server (with TDS ROUTING token), the hostname provided for connection may not be the same as of the actual server.

@tsegismont tsegismont self-assigned this Aug 26, 2021
@tsegismont tsegismont removed this from the 4.2.0 milestone Sep 10, 2021
@tsegismont
Copy link
Contributor

Duplicates #3720

It is already possible to customize verification. Create a TrustManager instance and then custom TrustOptions with wrap.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants