Skip to content

Commit f470ded

Browse files
jfarcandjfarcand
committed
Merge pull request AsyncHttpClient#99 from jossulli/master
Fix issues around ssl verification with netty
2 parents bfc5866 + eb79dcb commit f470ded

File tree

2 files changed

+38
-19
lines changed

2 files changed

+38
-19
lines changed

src/main/java/com/ning/http/client/providers/netty/NettyConnectListener.java

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -71,11 +71,11 @@ public final void operationComplete(ChannelFuture f) throws Exception {
7171
}
7272

7373
HostnameVerifier v = config.getHostnameVerifier();
74-
if (sslHandler != null && !AllowAllHostnameVerifier.class.isAssignableFrom(v.getClass())) {
75-
// TODO: channel.getRemoteAddress()).getHostName() is very expensive. Should cache the result.
76-
if (!v.verify(InetSocketAddress.class.cast(channel.getRemoteAddress()).getHostName(),
77-
sslHandler.getEngine().getSession())) {
78-
throw new ConnectException("HostnameVerifier exception.");
74+
if (sslHandler != null) {
75+
if (!v.verify(future.getURI().getHost(), sslHandler.getEngine().getSession())) {
76+
ConnectException exception = new ConnectException("HostnameVerifier exception.");
77+
future.abort(exception);
78+
throw exception;
7979
}
8080
}
8181

src/test/java/com/ning/http/client/async/HostnameVerifierTest.java

Lines changed: 33 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -41,11 +41,13 @@
4141
import java.security.cert.CertificateException;
4242
import java.security.cert.X509Certificate;
4343
import java.util.Enumeration;
44+
import java.util.concurrent.ExecutionException;
4445
import java.util.concurrent.Future;
4546
import java.util.concurrent.atomic.AtomicBoolean;
4647

4748
import static org.testng.Assert.assertEquals;
4849
import static org.testng.Assert.assertNotNull;
50+
import static org.testng.Assert.fail;
4951

5052
public abstract class HostnameVerifierTest extends AbstractBasicTest {
5153

@@ -219,9 +221,10 @@ public void negativeHostnameVerifierTest() throws Throwable {
219221
File file = new File(url.toURI());
220222

221223
try {
222-
Future<Response> f = client.preparePost(getTargetUrl()).setBody(file).setHeader("Content-Type", "text/html").execute();
223-
} catch (ConnectException ex) {
224-
assertEquals(ConnectException.class, ex.getClass());
224+
client.preparePost(getTargetUrl()).setBody(file).setHeader("Content-Type", "text/html").execute().get();
225+
fail("ConnectException expected");
226+
} catch (ExecutionException ex) {
227+
assertEquals(ex.getCause().getClass(), ConnectException.class);
225228
}
226229
}
227230

@@ -236,15 +239,16 @@ public void remoteIDHostnameVerifierTest() throws Throwable {
236239
File file = new File(url.toURI());
237240

238241
try {
239-
Future<Response> f = client.preparePost(getTargetUrl()).setBody(file).setHeader("Content-Type", "text/html").execute();
240-
} catch (ConnectException ex) {
241-
assertEquals(ConnectException.class, ex.getClass());
242+
client.preparePost(getTargetUrl()).setBody(file).setHeader("Content-Type", "text/html").execute().get();
243+
fail("ConnectException expected");
244+
} catch (ExecutionException ex) {
245+
assertEquals(ex.getCause().getClass(), ConnectException.class);
242246
}
243247
}
244248

245249
@Test(groups = {"standalone", "default_provider"})
246-
public void remotePosHostnameVerifierTest() throws Throwable {
247-
250+
public void remoteNegHostnameVerifierTest() throws Throwable {
251+
// request is made to 127.0.0.1, but cert presented for localhost - this should fail
248252
final AsyncHttpClient client = getAsyncHttpClient(new Builder().setHostnameVerifier(new CheckHost("localhost")).setSSLContext(createSSLContext()).build());
249253

250254
ClassLoader cl = getClass().getClassLoader();
@@ -253,11 +257,28 @@ public void remotePosHostnameVerifierTest() throws Throwable {
253257
File file = new File(url.toURI());
254258

255259
try {
256-
Future<Response> f = client.preparePost(getTargetUrl()).setBody(file).setHeader("Content-Type", "text/html").execute();
257-
} catch (ConnectException ex) {
258-
assertEquals(ConnectException.class, ex.getClass());
260+
client.preparePost(getTargetUrl()).setBody(file).setHeader("Content-Type", "text/html").execute().get();
261+
fail("ConnectException expected");
262+
} catch (ExecutionException ex) {
263+
assertEquals(ex.getCause().getClass(), ConnectException.class);
259264
}
260265
}
266+
267+
@Test(groups = {"standalone", "default_provider"})
268+
public void remotePosHostnameVerifierTest() throws Throwable {
269+
270+
final AsyncHttpClient client = getAsyncHttpClient(new Builder().setHostnameVerifier(new CheckHost("127.0.0.1")).setSSLContext(createSSLContext()).build());
271+
272+
ClassLoader cl = getClass().getClassLoader();
273+
// override system properties
274+
URL url = cl.getResource("SimpleTextFile.txt");
275+
File file = new File(url.toURI());
276+
277+
Response resp = client.preparePost(getTargetUrl()).setBody(file).setHeader("Content-Type", "text/html").execute().get();
278+
assertNotNull(resp);
279+
assertEquals(resp.getStatusCode(), HttpServletResponse.SC_OK);
280+
assertEquals(resp.getResponseBody(), "This is a simple test file");
281+
}
261282

262283
public static class PositiveHostVerifier implements HostnameVerifier {
263284

@@ -269,7 +290,7 @@ public boolean verify(String s, SSLSession sslSession) {
269290
public static class NegativeHostVerifier implements HostnameVerifier {
270291

271292
public boolean verify(String s, SSLSession sslSession) {
272-
return true;
293+
return false;
273294
}
274295
}
275296

@@ -334,6 +355,4 @@ public void checkServerTrusted(
334355
}
335356
}
336357
};
337-
338-
339358
}

0 commit comments

Comments
 (0)