Re: Disabling hostname verification on websockets in Tomcat 8+

Ah, that's it! I was using the TrustEverythingTrustManager we had around from the rabbitmq client library, which just implements X509TrustManager, and I didn't realize that was significa

Re: Disabling hostname verification on websockets in Tomcat 8+

On 25/05/2023 22:52, V User wrote: The how-to on websockets ( https://tomcat.apache.org/tomcat-9.0-doc/web-socket-howto.html) says that you can bypass hostname verification with a custom TrustManager: "For secure server endpoints, host name verification is enabled by default. To bypass this veri

Disabling hostname verification on websockets in Tomcat 8+

Hello, I'm working through upgrading an application from Tomcat 7 to Tomcat 9, and am running into an issue with hostname verification. The application initiates websocket connections using SSL to several other servers by IP address, and those servers' certificates either do not have any subject a