diff --git a/egress-router/src/main/java/com/networknt/router/RouterHandler.java b/egress-router/src/main/java/com/networknt/router/RouterHandler.java index d6aa84e49b..df21d70308 100644 --- a/egress-router/src/main/java/com/networknt/router/RouterHandler.java +++ b/egress-router/src/main/java/com/networknt/router/RouterHandler.java @@ -16,7 +16,10 @@ package com.networknt.router; +import com.networknt.client.ClientConfig; import com.networknt.client.Http2Client; +import com.networknt.client.ssl.TLSConfig; +import com.networknt.config.Config; import com.networknt.handler.Handler; import com.networknt.handler.ProxyHandler; import com.networknt.httpstring.AttachmentConstants; @@ -34,6 +37,8 @@ import java.util.Map; +import static io.undertow.client.http.HttpClientProvider.DISABLE_HTTPS_ENDPOINT_IDENTIFICATION_PROPERTY; + /** * This is a wrapper class for ProxyHandler as it is implemented as final. This class implements * the HttpHandler which can be injected into the handler.yml configuration file as another option 
@@ -50,6 +55,12 @@ public class RouterHandler implements HttpHandler {
 public RouterHandler() {
 config = RouterConfig.load();
 ModuleRegistry.registerModule(RouterConfig.CONFIG_NAME, RouterHandler.class.getName(), config.getMappedConfig(), null);
+ ClientConfig clientConfig = ClientConfig.get();
+ Map tlsMap = clientConfig.getTlsConfig();
+ // disable the hostname verification based on the config. We need to do it here as the LoadBalancingRouterProxyClient uses the Undertow HttpClient.
+ if(tlsMap == null || tlsMap.get(TLSConfig.VERIFY_HOSTNAME) == null || Boolean.FALSE.equals(Config.loadBooleanValue(TLSConfig.VERIFY_HOSTNAME, tlsMap.get(TLSConfig.VERIFY_HOSTNAME)))) {
+ System.setProperty(DISABLE_HTTPS_ENDPOINT_IDENTIFICATION_PROPERTY, "true");
+ }
 // As we are building a client side router for the light platform, the assumption is the server will
 // be on HTTP 2.0 TSL always. No need to handle HTTP 1.1 case here.
 LoadBalancingRouterProxyClient client = new LoadBalancingRouterProxyClient();
diff --git a/ingress-proxy/src/main/java/com/networknt/proxy/LightProxyHandler.java b/ingress-proxy/src/main/java/com/networknt/proxy/LightProxyHandler.java
index b770e13b4f..84a371719b 100644
--- a/ingress-proxy/src/main/java/com/networknt/proxy/LightProxyHandler.java
+++ b/ingress-proxy/src/main/java/com/networknt/proxy/LightProxyHandler.java
@@ -17,7 +17,10 @@
 package com.networknt.proxy;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.networknt.client.ClientConfig;
 import com.networknt.client.Http2Client;
+import com.networknt.client.ssl.TLSConfig;
+import com.networknt.config.Config;
 import com.networknt.config.JsonMapper;
 import com.networknt.handler.Handler;
 import com.networknt.httpstring.AttachmentConstants;
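Review bot: The condition added to the RouterHandler constructor fails open: hostname verification is switched off not only when `verifyHostname` is explicitly false but also when the client TLS section or the key is absent, so an incomplete client configuration silently removes endpoint identification for the router's upstream TLS connections. Disable it only on an explicit false, e.g. `Object v = tlsMap == null ? null : tlsMap.get(TLSConfig.VERIFY_HOSTNAME);` followed by `if(v != null && Boolean.FALSE.equals(Config.loadBooleanValue(TLSConfig.VERIFY_HOSTNAME, v))) {`, and log a warning inside the branch so a deployment running without verification is visible in the logs. The same condition is repeated in the LightProxyHandler constructor hunk (`@@ -64,6 +69,13 @@`). The constructor body continues outside the hunk.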
@@ -43,6 +46,8 @@ import java.net.URISyntaxException; import java.util.*; +import static io.undertow.client.http.HttpClientProvider.DISABLE_HTTPS_ENDPOINT_IDENTIFICATION_PROPERTY; + /** * This is a wrapper class for LightProxyHandler as it is implemented as final. This class implements @@ -64,6 +69,13 @@ public class LightProxyHandler implements HttpHandler { public LightProxyHandler() { config = ProxyConfig.load(); ModuleRegistry.registerModule(ProxyConfig.CONFIG_NAME, LightProxyHandler.class.getName(), config.getMappedConfig(), null); + ClientConfig clientConfig = ClientConfig.get(); + Map tlsMap = clientConfig.getTlsConfig(); + // disable the hostname verification based on the config. We need to do it here as the LoadBalancingProxyClient uses the Undertow HttpClient. + if(tlsMap == null || tlsMap.get(TLSConfig.VERIFY_HOSTNAME) == null || Boolean.FALSE.equals(Config.loadBooleanValue(TLSConfig.VERIFY_HOSTNAME, tlsMap.get(TLSConfig.VERIFY_HOSTNAME)))) { + System.setProperty(DISABLE_HTTPS_ENDPOINT_IDENTIFICATION_PROPERTY, "true"); + } + List hosts = new ArrayList<>(Arrays.asList(config.getHosts().split(","))); if(logger.isTraceEnabled()) logger.trace("hosts = " + JsonMapper.toJson(hosts)); LoadBalancingProxyClient loadBalancer = new LoadBalancingProxyClient()
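Review bot: `System.setProperty(DISABLE_HTTPS_ENDPOINT_IDENTIFICATION_PROPERTY, "true")` in the LightProxyHandler constructor is a JVM-wide switch, so it presumably affects every client in the process that consults this property, not only the `LoadBalancingProxyClient` built here, and nothing in the hunk clears it when `verifyHostname` is true. The comment above the `if` should say so, for example `// NOTE: system property is process-wide; it disables endpoint identification for all Undertow HttpClient connections in this JVM`. The block is also a verbatim copy of the one added to RouterHandler and declares a raw `Map`; moving it into one shared helper would keep the two handlers from drifting apart. The constructor continues past the end of the hunk.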