HttpsURLConnection.setDefaultHostnameVerifier: method verify not invoked

Question

I configure HttpsUrlConnection like this:

HttpsURLConnection.setDefaultSSLSocketFactory(sslFactory);
HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());

DummyHostnameVerifier:

public class DummyHostnameVerifier implements HostnameVerifier {
    @Override
    public boolean verify(String s, SSLSession sslSession) {
        return true;
    }
}

Of course, it's only part of configuration. But the problem is that verify method in DummyHostnameVerifier isn't invoked. When I test my application on local machine, glassfish 3 server, verify invoked and I'm not recieving any exceptions. But when I test it on remote environment, verify isn't invoked, and I recieve this:

java.io.IOException: The https URL hostname does not match the Common Name (CN) on the server certificate.  To disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.

On remote env app runs on jboss 5. Maybe this depends on some jboss config? I can't understand, where default hostname verifier changed after setting my verifier.

Answer 1

I think if you want to by pass the certificateValidation you would need to create Trustmanager which will not go for certificate validation

HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());
        //  Create a TrustManager which wont validate certificate chains start 

        javax.net.ssl.TrustManager[] trustAllCertificates = new javax.net.ssl.TrustManager[1];

        javax.net.ssl.TrustManager tm = new miTM();

        trustAllCertificates[0] = tm;

        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");

        sc.init(null, trustAllCertificates, null);
    //  Create a TrustManager which wont validate certificate chains end 
HttpsURLConnection.setDefaultSSLSocketFactory(sslFactory);

Could you please try with above code and let me know if you get the resolution ?

Answer 2

The problem was in following: somehow there wasn't action name in message to server. I configured connection like this:

HttpsURLConnection.setDefaultSSLSocketFactory(sslFactory); HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());

    URL url = null;
    try {
        url = new URL(endpoint + "/wsdl");
    } catch (MalformedURLException e) {
        LOG.error(e.getMessage());
    }

    javax.xml.ws.Service s = MyService.create(url, new QName(MyService.NAMESPACE, MyService.SERVICE));
    ServiceSoap port = s.getPort(ServiceSoap.class);

    Map<String, Object> reqCtx = ((BindingProvider)port).getRequestContext();
    reqCtx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
    reqCtx.put(BindingProvider.SOAPACTION_USE_PROPERTY, Boolean.TRUE);
    reqCtx.put(BindingProvider.SOAPACTION_URI_PROPERTY, actionName);

    Client client = ClientProxy.getClient(port);
    HTTPConduit http = (HTTPConduit) client.getConduit();
    HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    httpClientPolicy.setConnection(ConnectionType.CLOSE);
    http.setClient(httpClientPolicy);
    TLSClientParameters tls = new TLSClientParameters();
    tls.setSSLSocketFactory(sslFactory);
    tls.setDisableCNCheck(true);
    http.setTlsClientParameters(tls);

So, port configured and everything began to work.