From JDK 7, JSSE introduces a new hostname verifying approach. It is
called "endpoint identification" in JSSE context. It can be used to
replace the HostnameVerifier on SSLSession. A typical use case looks like:

1. implement an X509ExtendedTrustManager. It is required to check the
endpoint identification in the following methods:
   checkClientTrusted(X509Certificate[], String, Socket)
   checkClientTrusted(X509Certificate[], String, SSLEngine)
   checkServerTrusted(X509Certificate[], String, Socket)
   checkServerTrusted(X509Certificate[], String, SSLEngine)

2. initialize an SSLParameters to enable the endpoint identification:
   sslParameter.setEndpointIdentificationAlgorithm("https");

3. set the SSLParameters to SSLSocket or SSLEngine, the instance of
X509ExtendedTrustManager will check the endpoint (hostname) during
handshaking.

Considering the java.net.httpclient.HttpsConfigurator, it is an
implementation of HostnameVerifier.  So it would support both
HostnameVerifier and the above endpoint identification.  I think it may
be redundant if there are no compatibility concerns.  I was wondering maybe it is
OK to detach the HostnameVerifier interface and remove the verify() method.

Maybe, you have other concerns that the HttpsConfigurator.verify()
method is really needed.

Thanks,
Xuelei

On 8/8/2012 7:09 AM, Michael McMahon wrote:
> Hi,
> 
> A new revision of the Http client API planned for jdk 8 can be viewed
> at the following link
> 
> http://cr.openjdk.java.net/~michaelm/httpclient/v0.3/
> 
> We would like to review the api on this mailing list.
> So, all comments are welcome.
> 
> Thanks
> Michael McMahon.
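
The three steps from the reply above, put together for a client-side SSLEngine. This is an added example, not code from the thread or from the JDK: the class names `EndpointIdDemo` and `Delegating`, the helper methods and the host `example.com` are assumptions, and the custom trust manager simply delegates to the platform one so the Socket/SSLEngine overloads keep doing the endpoint check.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class EndpointIdDemo {
    // Step 1: a custom X509ExtendedTrustManager. Each overload forwards to the
    // platform trust manager, which is where the hostname is actually matched.
    static final class Delegating extends X509ExtendedTrustManager {
        private final X509ExtendedTrustManager tm;
        Delegating(X509ExtendedTrustManager tm) { this.tm = tm; }
        @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { tm.checkClientTrusted(c, a, s); }
        @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { tm.checkClientTrusted(c, a, e); }
        @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { tm.checkServerTrusted(c, a, s); }
        @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { tm.checkServerTrusted(c, a, e); }
        // The connection-less overloads have no peer host to compare against.
        @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { tm.checkClientTrusted(c, a); }
        @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException { tm.checkServerTrusted(c, a); }
        @Override public X509Certificate[] getAcceptedIssuers() { return tm.getAcceptedIssuers(); }
    }

    // Platform trust manager backed by the default trust store.
    static X509ExtendedTrustManager platformTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager t : tmf.getTrustManagers())
            if (t instanceof X509ExtendedTrustManager) return (X509ExtendedTrustManager) t;
        throw new IllegalStateException("no X509ExtendedTrustManager available");
    }

    static SSLEngine clientEngine(String host, int port) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new Delegating(platformTrustManager()) }, null);
        SSLEngine engine = ctx.createSSLEngine(host, port); // peer host used for the check
        engine.setUseClientMode(true);
        // Step 2: enable endpoint identification on the parameters.
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("https");
        // Step 3: apply them; the check then runs during the handshake.
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = clientEngine("example.com", 443); // constructed sample host
        System.out.println(engine.getSSLParameters().getEndpointIdentificationAlgorithm());
    }
}
```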
