[
https://issues.apache.org/jira/browse/CXF-6761?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Beryozkin resolved CXF-6761.
-----------------------------------
Resolution: Fixed
Assignee: Sergey Beryozkin
Fix Version/s: 3.2.0
3.0.8
3.1.5
Thanks for the patch
> JAX-RS ClientImpl does not set TLSClientParameters on HTTPConduit when only
> HostnameVerifier is configured
> ----------------------------------------------------------------------------------------------------------
>
> Key: CXF-6761
> URL: https://issues.apache.org/jira/browse/CXF-6761
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 3.1.4
> Reporter: Chris Ribble
> Assignee: Sergey Beryozkin
> Priority: Minor
> Fix For: 3.1.5, 3.0.8, 3.2.0
>
> Original Estimate: 3h
> Remaining Estimate: 3h
>
> org.apache.cxf.jaxrs.client.spec.ClientImpl only copies the
> TLSClientParameters configured by
> ClientBuilder.newBuilder().hostnameVerifier(HostnameVerifier) if an
> SSLSocketFactory or TrustManagers are configured.
> This makes it impossible to use a custom HostnameVerifier without also
> declaring a custom SSLSocketFactory or TrustManagers.
> Snip of incorrect code from
> rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java,
> line 282
> {code}
> // TLS
> TLSClientParameters tlsParams = secConfig.getTlsClientParams();
> if (tlsParams.getSSLSocketFactory() != null
> || tlsParams.getTrustManagers() != null) {
> clientCfg.getHttpConduit().setTlsClientParameters(tlsParams);
> }
> {code}
> Proposed replacement:
> {code}
> // TLS
> TLSClientParameters tlsParams = secConfig.getTlsClientParams();
> if (tlsParams.getSSLSocketFactory() != null
> || tlsParams.getTrustManagers() != null
> || tlsParams.getHostnameVerifier() != null) {
> clientCfg.getHttpConduit().setTlsClientParameters(tlsParams);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
