Skip to content

Commit

Permalink
HTTPCLIENT-2302: Add comment to TrustStrategy usage in examples (#492)
Browse files Browse the repository at this point in the history
  • Loading branch information
Marcono1234 authored and ok2c committed Oct 12, 2023
1 parent 6105852 commit 32ce98d
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,14 @@ public class AsyncClientCustomSSL {
public static void main(final String[] args) throws Exception {
// Trust standard CA and those trusted by our custom strategy
final SSLContext sslContext = SSLContexts.custom()
// Custom TrustStrategy implementations are intended for verification
// of certificates whose CA is not trusted by the system, and where specifying
// a custom truststore containing the certificate chain is not an option.
.loadTrustMaterial((chain, authType) -> {
// Please note that validation of the server certificate without validation
// of the entire certificate chain in this example is preferred to completely
// disabling trust verification, however this still potentially allows
// for man-in-the-middle attacks.
final X509Certificate cert = chain[0];
return "CN=httpbin.org".equalsIgnoreCase(cert.getSubjectDN().getName());
})
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,14 @@ public class ClientCustomSSL {
public final static void main(final String[] args) throws Exception {
// Trust standard CA and those trusted by our custom strategy
final SSLContext sslContext = SSLContexts.custom()
// Custom TrustStrategy implementations are intended for verification
// of certificates whose CA is not trusted by the system, and where specifying
// a custom truststore containing the certificate chain is not an option.
.loadTrustMaterial((chain, authType) -> {
// Please note that validation of the server certificate without validation
// of the entire certificate chain in this example is preferred to completely
// disabling trust verification, however this still potentially allows
// for man-in-the-middle attacks.
final X509Certificate cert = chain[0];
return "CN=httpbin.org".equalsIgnoreCase(cert.getSubjectDN().getName());
})
Expand Down

0 comments on commit 32ce98d

Please sign in to comment.