Limit HostnameVerifier only for legacy ssl config
and document as JavaDoc in JedisClientConfig
sazzad16 committed Nov 24, 2024
1 parent f56aec3 commit 06371b5
Showing 2 changed files with 13 additions and 9 deletions.
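--- a/src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java
+++ b/src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java
@@ -144,10 +144,13 @@ private Socket createSslSocket(HostAndPort _hostAndPort, Socket socket) throws I
 sslSocket.setSSLParameters(_sslParameters);
 }
 
-if (hostnameVerifier != null && !hostnameVerifier.verify(_hostAndPort.getHost(), sslSocket.getSession())) {
-String message = String.format("The connection to '%s' failed ssl/tls hostname verification.",
-_hostAndPort.getHost());
-throw new JedisConnectionException(message);
+if (sslOptions == null) {
+// limiting HostnameVerifier only for legacy ssl config
+if (hostnameVerifier != null && !hostnameVerifier.verify(_hostAndPort.getHost(), sslSocket.getSession())) {
+String message = String.format("The connection to '%s' failed ssl/tls hostname verification.",
+_hostAndPort.getHost());
+throw new JedisConnectionException(message);
+}
 }
 
 return new SSLSocketWrapper(sslSocket, plainSocket);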
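Review bot: With the new `if (sslOptions == null)` guard, a `hostnameVerifier` configured alongside `sslOptions` is skipped with no signal, so a caller who sets both silently loses the check they asked for. Whether the peer hostname is still validated on the `sslOptions` path depends on code outside this hunk (presumably the `SSLParameters` derived from it, e.g. an endpoint identification algorithm), and the one-line comment does not say so. I would make the combination visible by failing fast or logging a warning under `if (sslOptions != null && hostnameVerifier != null)`. I would also expand the comment to `// HostnameVerifier applies only to the legacy ssl config; with SslOptions, hostname checking must come from the SSLParameters it supplies`. The body of `createSslSocket` starts and ends outside the hunk.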
11 changes: 6 additions & 5 deletions src/main/java/redis/clients/jedis/JedisClientConfig.java
Expand Up @@ -73,19 +73,20 @@ default SSLParameters getSslParameters() {
return null;
}

default HostnameVerifier getHostnameVerifier() {
return null;
}

/**
* {@link JedisClientConfig#isSsl()} and {@link JedisClientConfig#getSslSocketFactory()} will be ignored if
* {@link JedisClientConfig#isSsl()}, {@link JedisClientConfig#getSslSocketFactory()} and
* {@link JedisClientConfig#getHostnameVerifier()} will be ignored if
* {@link JedisClientConfig#getSslOptions() this} is set.
* @return ssl options
*/
default SslOptions getSslOptions() {
return null;
}

default HostnameVerifier getHostnameVerifier() {
return null;
}

default HostAndPortMapper getHostAndPortMapper() {
return null;
}
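Review bot: The `getHostnameVerifier()` default still carries no Javadoc of its own, so the fact that it is ignored once `getSslOptions()` returns a value is documented only on a different method. Someone configuring a verifier will look at `getHostnameVerifier()` first. Add a comment there, for example `/** Used only for the legacy ssl config; ignored when {@link #getSslOptions()} is set. */`. The `getSslOptions()` doc could also state where hostname checking is expected to happen in that mode, since "ignored" on its own reads as the check being turned off. The interface body continues outside this hunk.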
