Allow manual HostnameVerifier with SslOptions
sazzad16 committed Nov 28, 2024
1 parent 46c031e commit 294cf25
Showing 3 changed files with 27 additions and 17 deletions.
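--- a/src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java
+++ b/src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java
@@ -144,13 +144,11 @@ private Socket createSslSocket(HostAndPort _hostAndPort, Socket socket) throws I
 sslSocket.setSSLParameters(_sslParameters);
 }
 
-if (sslOptions == null) {
-// limiting HostnameVerifier only for legacy ssl config
-if (hostnameVerifier != null && !hostnameVerifier.verify(_hostAndPort.getHost(), sslSocket.getSession())) {
-String message = String.format("The connection to '%s' failed ssl/tls hostname verification.",
-_hostAndPort.getHost());
-throw new JedisConnectionException(message);
-}
+// allowing HostnameVerifier for both SslOptions and legacy ssl config
+if (hostnameVerifier != null && !hostnameVerifier.verify(_hostAndPort.getHost(), sslSocket.getSession())) {
+String message = String.format("The connection to '%s' failed ssl/tls hostname verification.",
+_hostAndPort.getHost());
+throw new JedisConnectionException(message);
 }
 
 return new SSLSocketWrapper(sslSocket, plainSocket);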
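Review bot: The check `hostnameVerifier.verify(_hostAndPort.getHost(), sslSocket.getSession())` now also runs on the SslOptions path, but it still obtains the session through `getSession()`, which returns an invalid session (cipher suite `SSL_NULL_WITH_NULL_NULL`) instead of throwing when the initial handshake fails. Unless a handshake is already forced earlier in `createSslSocket` (the method starts and ends outside this hunk), a custom verifier that does not inspect the peer certificates could accept that session, and a handshake failure would be reported as a hostname mismatch. Calling `sslSocket.startHandshake();` just before the check makes the failure surface as an `IOException`. The new comment could also say that a null verifier leaves hostname checking entirely to the endpoint-identification setting in the applied `SSLParameters`.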
12 changes: 6 additions & 6 deletions src/main/java/redis/clients/jedis/JedisClientConfig.java
Expand Up @@ -73,20 +73,20 @@ default SSLParameters getSslParameters() {
return null;
}

default HostnameVerifier getHostnameVerifier() {
return null;
}

/**
* {@link JedisClientConfig#isSsl()}, {@link JedisClientConfig#getSslSocketFactory()},
* {@link JedisClientConfig#getSslParameters()} and {@link JedisClientConfig#getHostnameVerifier()} will be ignored if
* {@link JedisClientConfig#isSsl()}, {@link JedisClientConfig#getSslSocketFactory()} and
* {@link JedisClientConfig#getSslParameters()} will be ignored if
* {@link JedisClientConfig#getSslOptions() this} is set.
* @return ssl options
*/
default SslOptions getSslOptions() {
return null;
}

default HostnameVerifier getHostnameVerifier() {
return null;
}

default HostAndPortMapper getHostAndPortMapper() {
return null;
}
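Review bot: `getHostnameVerifier()` is moved below `getSslOptions()` but still has no Javadoc, even though the corrected `getSslOptions()` comment now implies that the verifier is honoured when SslOptions is set. A short comment on the method would make that contract explicit, for example `/** Custom verifier applied with both SslOptions and legacy ssl config; {@code null} (the default) means no manual hostname check is performed. */`. Whether JSSE endpoint identification is still enforced in the null case depends on SslOptions/SSLParameters code that is not shown here, so the comment should say so once that is confirmed.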
20 changes: 16 additions & 4 deletions src/test/java/redis/clients/jedis/SSLOptionsJedisClusterTest.java
Expand Up @@ -145,13 +145,19 @@ public void connectByIpAddressFailsWithSSLParameters() {
}

@Test
@org.junit.Ignore // TODO: drop support for custom hostname verifier (with SslOptions) ??
public void connectWithCustomHostNameVerifier() {
HostnameVerifier hostnameVerifier = new BasicHostnameVerifier();
HostnameVerifier localhostVerifier = new LocalhostVerifier();

SslOptions sslOptions = SslOptions.builder()
.truststore(new File("src/test/resources/truststore.jceks"))
.trustStoreType("jceks").build();

try (JedisCluster jc = new JedisCluster(new HostAndPort("localhost", 8379),
DefaultJedisClientConfig.builder().password("cluster").ssl(true)
DefaultJedisClientConfig.builder().password("cluster")
.sslOptions(SslOptions.builder()
.truststore(new File("src/test/resources/truststore.jceks"))
.trustStoreType("jceks").build())
.hostnameVerifier(hostnameVerifier).hostAndPortMapper(portMap).build(),
DEFAULT_REDIRECTIONS, DEFAULT_POOL_CONFIG)) {
jc.get("foo");
Expand All @@ -163,15 +169,21 @@ public void connectWithCustomHostNameVerifier() {
}

try (JedisCluster jc2 = new JedisCluster(new HostAndPort("127.0.0.1", 8379),
DefaultJedisClientConfig.builder().password("cluster").ssl(true)
DefaultJedisClientConfig.builder().password("cluster")
.sslOptions(SslOptions.builder()
.truststore(new File("src/test/resources/truststore.jceks"))
.trustStoreType("jceks").build())
.hostnameVerifier(hostnameVerifier).hostAndPortMapper(portMap).build(),
DEFAULT_REDIRECTIONS, DEFAULT_POOL_CONFIG)) {
} catch (JedisClusterOperationException e) {
assertEquals("Could not initialize cluster slots cache.", e.getMessage());
}

try (JedisCluster jc3 = new JedisCluster(new HostAndPort("localhost", 8379),
DefaultJedisClientConfig.builder().password("cluster").ssl(true)
DefaultJedisClientConfig.builder().password("cluster")
.sslOptions(SslOptions.builder()
.truststore(new File("src/test/resources/truststore.jceks"))
.trustStoreType("jceks").build())
.hostnameVerifier(localhostVerifier).hostAndPortMapper(portMap).build(),
DEFAULT_REDIRECTIONS, DEFAULT_POOL_CONFIG)) {
jc3.get("foo");
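Review bot: The re-enabled negative case (the `jc2` block connecting to `127.0.0.1`) has an empty try body, so the test passes when the connection is accepted and only checks the message if an exception happens to be thrown. This test is now the evidence that a custom HostnameVerifier is enforced together with SslOptions, so the try body should fail explicitly, e.g. `org.junit.Assert.fail("connection by IP address must be rejected by the hostname verifier");`. The new local `sslOptions` also appears unused in the visible lines, because each config builds its own `SslOptions.builder()…build()` inline; either pass `.sslOptions(sslOptions)` in the three configs or drop the local. The method continues between and after the two hunks, so confirm both points against the full file.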
