  1. HttpComponents HttpClient
  2. HTTPCLIENT-1062

SSLSocketFactory.setHostnameVerifier(..) deprecated but no replacement defined


Details

    • Bug
    • Status: Closed
    • Trivial
    • Resolution: Invalid
    • 4.1 Final
    • None
    • HttpClient (classic)

    Description

      I'm creating an SSLSocketFactory and setting the host verifier to SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER to authorize any TLS/SSL host. In HttpClient v4.1 this method is deprecated; however, there is no replacement specified. Also, host verifier logic is still used in the code, so the @Deprecated annotation shall be removed, or some appropriate comment shall be added to let future devs know which method they shall use instead, or at least why they shouldn't use SSLSocketFactory.setHostnameVerifier(X509HostnameVerifier).

      <pre>
      import java.security.KeyManagementException;
      import java.security.NoSuchAlgorithmException;

      import javax.net.ssl.SSLContext;
      import javax.net.ssl.TrustManager;
      import javax.net.ssl.X509TrustManager;

      import org.apache.http.conn.ssl.SSLSocketFactory;

      /**
       * Create naive SSLSocket factory which will authorize any TLS/SSL host.
       *
       * @author Bartosz Firyn (SarXos)
       */
      public class NaiveSSLFactory {

          /**
           * @return Return naive SSL socket factory (authorize any SSL/TLS host)
           */
          public static SSLSocketFactory createNaiveSSLSocketFactory() {
              // Trust manager that accepts every certificate chain.
              X509TrustManager manager = new NaiveX509TrustManager();
              SSLContext sslcontext = null;
              try {
                  TrustManager[] managers = new TrustManager[] { manager };
                  sslcontext = SSLContext.getInstance("SSL");
                  sslcontext.init(null, managers, null);
              } catch (NoSuchAlgorithmException e) {
                  e.printStackTrace();
              } catch (KeyManagementException e) {
                  e.printStackTrace();
              }

              SSLSocketFactory factory = new SSLSocketFactory(sslcontext);
              // Deprecated in 4.1; turns off hostname verification for this factory.
              factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
              return factory;
          }
      }
        </pre>

      ---------------

      <pre>
      import java.security.cert.CertificateException;
      import java.security.cert.X509Certificate;

      import javax.net.ssl.X509TrustManager;

      /**
       * The goal of this trust manager is to do nothing - it will authorize
       * any TLS/SSL secure connection.
       *
       * @author Bartosz Firyn (SarXos)
       */
      public class NaiveX509TrustManager implements X509TrustManager {

          // Empty body: no client certificate chain is ever rejected.
          @Override
          public void checkClientTrusted(X509Certificate[] certs, String str) throws CertificateException {
          }

          // Empty body: no server certificate chain is ever rejected.
          @Override
          public void checkServerTrusted(X509Certificate[] certs, String str) throws CertificateException {
          }

          // The interface contract asks for a non-null (possibly empty) array.
          @Override
          public X509Certificate[] getAcceptedIssuers() {
              return new X509Certificate[0];
          }
      }
      </pre>

      ---------------------

      <pre>
      import org.apache.http.conn.ClientConnectionManager;
      import org.apache.http.conn.scheme.Scheme;
      import org.apache.http.conn.scheme.SchemeRegistry;
      import org.apache.http.conn.ssl.SSLSocketFactory;
      import org.apache.http.impl.client.DefaultHttpClient;

      /**
       * Default HTTP client.
       *
       * @author Bartosz Firyn (SarXos)
       */
      public class NaiveSSLClient extends DefaultHttpClient {

          /**
           * Singleton instance.
           */
          private static NaiveSSLClient instance = null;

          /**
           * @return Singleton instance.
           */
          public static NaiveSSLClient getInstance() {
              if (instance == null) {
                  instance = create();
              }
              return instance;
          }

          /**
           * @return New instance of HTTP client.
           */
          protected static NaiveSSLClient create() {
              NaiveSSLClient client = new NaiveSSLClient();
              SSLSocketFactory factory = NaiveSSLFactory.createNaiveSSLSocketFactory();
              ClientConnectionManager manager = client.getConnectionManager();
              SchemeRegistry registry = manager.getSchemeRegistry();
              // Every https connection made by this client uses the naive factory.
              registry.register(new Scheme("https", 443, factory));
              return client;
          }

          /**
           * Private.
           */
          private NaiveSSLClient() {
          }
      }
        </pre>
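
For contrast with the trust-all factory in the description, a validating counterpart, added here as an example that is not part of the original report or HttpClient's own code. It assumes the two-argument SSLSocketFactory(SSLContext, X509HostnameVerifier) constructor available in HttpClient 4.1; the class name ValidatingSSLFactory and the trustStorePath/password parameters are hypothetical.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

/** Added example: validating counterpart of NaiveSSLFactory (hypothetical class name). */
public class ValidatingSSLFactory {

    /** trustStorePath (hypothetical): JKS file of certificates to trust; null = JRE default store. */
    public static SSLSocketFactory create(String trustStorePath, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore trustStore = null;
        if (trustStorePath != null) {
            trustStore = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream(trustStorePath)) {
                trustStore.load(in, password);
            }
        }
        // Platform trust managers: the server chain is validated against the trust store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore); // a null KeyStore selects the default trust store
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        // The verifier is passed to the constructor instead of the deprecated setter;
        // STRICT rejects a certificate whose names do not match the requested host.
        return new SSLSocketFactory(context, SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
    }

    /** Registers the validating factory for https; setup errors propagate to the caller. */
    public static DefaultHttpClient newClient(String trustStorePath, char[] password)
            throws GeneralSecurityException, IOException {
        DefaultHttpClient client = new DefaultHttpClient();
        client.getConnectionManager().getSchemeRegistry()
                .register(new Scheme("https", 443, create(trustStorePath, password)));
        return client;
    }
}
```

A server with a self-signed or private-CA certificate can be supported by importing that certificate into the trust store passed as trustStorePath, which keeps both chain validation and hostname verification active.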

          People

            Unassigned Unassigned
            sarxos Bartosz Firyn

              Time Tracking

                Original Estimate: 1h
                Remaining Estimate: 1h
                Time Spent: Not Specified