Does vertx support custom HostnameVerifier?
105 views
Skip to first unread message
Qiumin Zhang
Aug 2, 2021, 2:06:08 AM8/2/21
to vert.x
Hi,
I have a server app which has to use a
certificate whose CN is not a valid hostname. When sending a request
from my vertx app to the server app, I'd like to have a custom
HostnameVerifier to accept this case.
Checked a lot of code of non-vertx apps, seems the common way is to create a custom verifier by implementing HostnameVerifier. Is it possible to make this work with my vertx client app? Does vertx already support the custom hostname verifierer?
Thanks
Julien Viet
Aug 2, 2021, 11:02:16 AM8/2/21
to vert.x
Hi,
we don't support such feature, we do support specifying the hostname
verifier algorithm on the NetClient.
can you show client using it other than HttpsURLConnection ?
Julien
> --
> You received this message because you are subscribed to the Google Groups "vert.x" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
> To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/d9ab8932-37b8-4757-a92b-e12042d5b387n%40googlegroups.com.
we don't support such feature, we do support specifying the hostname
verifier algorithm on the NetClient.
can you show client using it other than HttpsURLConnection ?
Julien
> You received this message because you are subscribed to the Google Groups "vert.x" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
> To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/d9ab8932-37b8-4757-a92b-e12042d5b387n%40googlegroups.com.
Qiumin Zhang
Aug 2, 2021, 1:51:37 PM8/2/21
to vert.x
Hi,
The setHostnameVerificationAlgorithm() asks a string name of a specific algorithm, but we need to add a logic for the verifier, is there a workaround?
Qiumin
Julien Viet
Aug 2, 2021, 3:55:54 PM8/2/21
to vert.x
currently not, when do you need this verification to happen ?
during the TLS handshake or can it be done later by the application ?
On Mon, Aug 2, 2021 at 7:51 PM Qiumin Zhang <qium...@gmail.com> wrote:
>
> Hi,
>
> The setHostnameVerificationAlgorithm() asks a string name of a specific algorithm, but we need to add a logic for the verifier, is there a workaround?
>
> Qiumin
>
> On Monday, August 2, 2021 at 8:02:16 AM UTC-7 jul...@julienviet.com wrote:
>>
>> Hi,
>>
>> we don't support such feature, we do support specifying the hostname
>> verifier algorithm on the NetClient.
>>
>> can you show client using it other than HttpsURLConnection ?
>>
>> Julien
>>
>> On Mon, Aug 2, 2021 at 8:06 AM Qiumin Zhang <qium...@gmail.com> wrote:
>> >
>> >
>> > Hi,
>> >
>> > I have a server app which has to use a certificate whose CN is not a valid hostname. When sending a request from my vertx app to the server app, I'd like to have a custom HostnameVerifier to accept this case.
>> >
>> > Checked a lot of code of non-vertx apps, seems the common way is to create a custom verifier by implementing HostnameVerifier. Is it possible to make this work with my vertx client app? Does vertx already support the custom hostname verifierer?
>> >
>> > Thanks
>> >
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups "vert.x" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
>> > To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/d9ab8932-37b8-4757-a92b-e12042d5b387n%40googlegroups.com.
>
> --
> You received this message because you are subscribed to the Google Groups "vert.x" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
> To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/3d7f629f-5675-4600-95e5-c0449ab156fdn%40googlegroups.com.
during the TLS handshake or can it be done later by the application ?
On Mon, Aug 2, 2021 at 7:51 PM Qiumin Zhang <qium...@gmail.com> wrote:
>
> Hi,
>
> The setHostnameVerificationAlgorithm() asks a string name of a specific algorithm, but we need to add a logic for the verifier, is there a workaround?
>
> Qiumin
>
> On Monday, August 2, 2021 at 8:02:16 AM UTC-7 jul...@julienviet.com wrote:
>>
>> Hi,
>>
>> we don't support such feature, we do support specifying the hostname
>> verifier algorithm on the NetClient.
>>
>> can you show client using it other than HttpsURLConnection ?
>>
>> Julien
>>
>> On Mon, Aug 2, 2021 at 8:06 AM Qiumin Zhang <qium...@gmail.com> wrote:
>> >
>> >
>> > Hi,
>> >
>> > I have a server app which has to use a certificate whose CN is not a valid hostname. When sending a request from my vertx app to the server app, I'd like to have a custom HostnameVerifier to accept this case.
>> >
>> > Checked a lot of code of non-vertx apps, seems the common way is to create a custom verifier by implementing HostnameVerifier. Is it possible to make this work with my vertx client app? Does vertx already support the custom hostname verifierer?
>> >
>> > Thanks
>> >
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups "vert.x" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
>> > To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/d9ab8932-37b8-4757-a92b-e12042d5b387n%40googlegroups.com.
>
> --
> You received this message because you are subscribed to the Google Groups "vert.x" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
Message has been deleted
Qiumin Zhang
Aug 2, 2021, 4:51:35 PM8/2/21
to vert.x
We need it during TLS handshake, can we support this feature in next versions?
We're currently blocked by it, it would be great if you can suggest any possible work around.
Julien Viet
Aug 3, 2021, 8:13:53 AM8/3/21
to vert.x
can you open an issue for this in https://github.com/eclipse-vertx/vert.x/ ?
On Mon, Aug 2, 2021 at 10:45 PM Qiumin Zhang <qium...@gmail.com> wrote:
>
> We need it during TLS handshake.
> It'd be great if vertx can support this feature, can we have the feature in upcoming versions?
> To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/d0ac4277-5391-477a-a0ac-6723559b5226n%40googlegroups.com.
On Mon, Aug 2, 2021 at 10:45 PM Qiumin Zhang <qium...@gmail.com> wrote:
>
> We need it during TLS handshake.
> It'd be great if vertx can support this feature, can we have the feature in upcoming versions?
Julien Viet
Aug 3, 2021, 8:14:21 AM8/3/21
to vert.x
work around is : use a proxy for TLS
> To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/616cbc09-77c3-4b4a-ae8e-247e65b393fen%40googlegroups.com.
Qiumin Zhang
Aug 10, 2021, 12:47:37 PM8/10/21
to vert.x
I opened a feature request in the repo. https://github.com/eclipse-vertx/vert.x/issues/new/choose
The proxy may not suit for our case.
Is it possible to verify after the handshake? if yes, how to get the subject DN?
Reply all
Reply to author
Forward
0 new messages