Option to supply custom hostname verifier to HTTP client

Anders Wisch anders at featureshock.com
Thu Nov 1 18:09:11 UTC 2018

Thankfully, all of my uses are for testing. To test hostname-based redirects or integration tests of
server code under SSL I start short-lived servers that serve self-signed certificates. Test cases
use HTTP clients that disable hostname verification, connect to a local address and port, and
sometimes vary the contents of the “Host” header. Since tests can run in parallel to speed up suite
execution and since other tests require secure hostname verification, it’s useful to be able to
isolate the behavior.

> On Nov 1, 2018, at 10:53 AM, Chris Hegarty <chris.hegarty at oracle.com> wrote:
> In order to evaluate this request, can you please provide
> use-cases for such. What “secure” server are you trying
> to connect to that is unwilling to identify itself in its
> certificate.
> -Chris.
>> On 1 Nov 2018, at 17:48, Anders Wisch <anders at featureshock.com> wrote:
>> Hi all,
>> I think it should be possible to supply a custom javax.net.ssl.HostnameVerifier while building a
>> java.net.http.HttpClient. While it is possible to disable standard hostname verification via the
>> system property “jdk.internal.httpclient.disableHostnameVerification”, this doesn’t allow you to
>> quarantine the behavior to a single HTTP client within the JVM.
>> Thanks for your consideration,
>> Anders Wisch

More information about the net-dev mailing list