From 294cf258aa3039e1bc0939ea26713c429c561734 Mon Sep 17 00:00:00 2001 From: M Sazzadul Hoque <7600764+sazzad16@users.noreply.github.com> Date: Thu, 28 Nov 2024 17:14:38 +0600 Subject: [PATCH] Allow manual HostnameVerifier with SslOptions --- .../jedis/DefaultJedisSocketFactory.java | 12 +++++------ .../clients/jedis/JedisClientConfig.java | 12 +++++------ .../jedis/SSLOptionsJedisClusterTest.java | 20 +++++++++++++++---- 3 files changed, 27 insertions(+), 17 deletions(-) diff --git a/src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java b/src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java index 04b4e673eb..1e88f21f32 100644 --- a/src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java +++ b/src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java @@ -144,13 +144,11 @@ private Socket createSslSocket(HostAndPort _hostAndPort, Socket socket) throws I sslSocket.setSSLParameters(_sslParameters); } - if (sslOptions == null) { - // limiting HostnameVerifier only for legacy ssl config - if (hostnameVerifier != null && !hostnameVerifier.verify(_hostAndPort.getHost(), sslSocket.getSession())) { - String message = String.format("The connection to '%s' failed ssl/tls hostname verification.", - _hostAndPort.getHost()); - throw new JedisConnectionException(message); - } + // allowing HostnameVerifier for both SslOptions and legacy ssl config + if (hostnameVerifier != null && !hostnameVerifier.verify(_hostAndPort.getHost(), sslSocket.getSession())) { + String message = String.format("The connection to '%s' failed ssl/tls hostname verification.", + _hostAndPort.getHost()); + throw new JedisConnectionException(message); } return new SSLSocketWrapper(sslSocket, plainSocket); diff --git a/src/main/java/redis/clients/jedis/JedisClientConfig.java b/src/main/java/redis/clients/jedis/JedisClientConfig.java index ef5478e30e..8bd18b5aaa 100644 --- a/src/main/java/redis/clients/jedis/JedisClientConfig.java 
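Review bot: The re-enabled check in createSslSocket passes `sslSocket.getSession()` to the verifier, and per the JSSE contract that call runs the handshake implicitly and returns an invalid session (cipher suite `SSL_NULL_WITH_NULL_NULL`) instead of throwing when the handshake fails. A custom HostnameVerifier that only compares the host string would then return true, and the TLS failure would surface later on the first read or write rather than at connection setup. Unless the handshake is already started earlier in the method (its body begins outside this hunk), call `sslSocket.startHandshake();` immediately before the `hostnameVerifier != null` check so handshake errors are raised as an IOException first. The new comment would also read better if it stated the behaviour rather than the change, e.g. `// Extra application-level hostname check; runs in addition to any endpoint identification set through SSLParameters.`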
+++ b/src/main/java/redis/clients/jedis/JedisClientConfig.java @@ -73,13 +73,9 @@ default SSLParameters getSslParameters() { return null; } - default HostnameVerifier getHostnameVerifier() { - return null; - } - /** - * {@link JedisClientConfig#isSsl()}, {@link JedisClientConfig#getSslSocketFactory()}, - * {@link JedisClientConfig#getSslParameters()} and {@link JedisClientConfig#getHostnameVerifier()} will be ignored if + * {@link JedisClientConfig#isSsl()}, {@link JedisClientConfig#getSslSocketFactory()} and + * {@link JedisClientConfig#getSslParameters()} will be ignored if * {@link JedisClientConfig#getSslOptions() this} is set. * @return ssl options */ @@ -87,6 +83,10 @@ default SslOptions getSslOptions() { return null; } + default HostnameVerifier getHostnameVerifier() { + return null; + } + default HostAndPortMapper getHostAndPortMapper() { return null; } diff --git a/src/test/java/redis/clients/jedis/SSLOptionsJedisClusterTest.java b/src/test/java/redis/clients/jedis/SSLOptionsJedisClusterTest.java index 3d9260a401..5cde75dd56 100644 --- a/src/test/java/redis/clients/jedis/SSLOptionsJedisClusterTest.java +++ b/src/test/java/redis/clients/jedis/SSLOptionsJedisClusterTest.java 
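Review bot: `getHostnameVerifier()` is re-added below `getSslOptions()` with no Javadoc, and the only written statement of its contract was the sentence this change removes from the `getSslOptions()` comment. A configuration that sets both SslOptions and a verifier had that verifier ignored before and will now have connections rejected by it, so the accessor should document this. For example: `/** Optional extra hostname check applied after the TLS handshake, with both SslOptions and the legacy ssl settings; {@code null} means no additional check is made. */`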
@@ -145,13 +145,19 @@ public void connectByIpAddressFailsWithSSLParameters() { } @Test - @org.junit.Ignore // TODO: drop support for custom hostname verifier (with SslOptions) ?? public void connectWithCustomHostNameVerifier() { HostnameVerifier hostnameVerifier = new BasicHostnameVerifier(); HostnameVerifier localhostVerifier = new LocalhostVerifier(); + SslOptions sslOptions = SslOptions.builder() + .truststore(new File("src/test/resources/truststore.jceks")) + .trustStoreType("jceks").build(); + try (JedisCluster jc = new JedisCluster(new HostAndPort("localhost", 8379), - DefaultJedisClientConfig.builder().password("cluster").ssl(true) + DefaultJedisClientConfig.builder().password("cluster") + .sslOptions(SslOptions.builder() + .truststore(new File("src/test/resources/truststore.jceks")) + .trustStoreType("jceks").build()) .hostnameVerifier(hostnameVerifier).hostAndPortMapper(portMap).build(), DEFAULT_REDIRECTIONS, DEFAULT_POOL_CONFIG)) { jc.get("foo"); @@ -163,7 +169,10 @@ public void connectWithCustomHostNameVerifier() { } try (JedisCluster jc2 = new JedisCluster(new HostAndPort("127.0.0.1", 8379), - DefaultJedisClientConfig.builder().password("cluster").ssl(true) + DefaultJedisClientConfig.builder().password("cluster") + .sslOptions(SslOptions.builder() + .truststore(new File("src/test/resources/truststore.jceks")) + .trustStoreType("jceks").build()) .hostnameVerifier(hostnameVerifier).hostAndPortMapper(portMap).build(), DEFAULT_REDIRECTIONS, DEFAULT_POOL_CONFIG)) { } catch (JedisClusterOperationException e) { 
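Review bot: The rejecting case for `jc2` (connecting by `127.0.0.1` with `BasicHostnameVerifier`) has an empty try body, so with `@Ignore` removed the test still passes if the verifier is silently skipped and the cluster connects, which is exactly the regression it should catch. Add `org.junit.Assert.fail("hostname verification should have rejected 127.0.0.1");` inside that try block. The catch body lies outside the hunk, so whatever it asserts runs only when the exception is actually thrown. Separately, the new local `sslOptions` is never used: each client rebuilds the same options inline, here and in the hunk at -171, so pass `.sslOptions(sslOptions)` instead.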
@@ -171,7 +180,10 @@ public void connectWithCustomHostNameVerifier() { } try (JedisCluster jc3 = new JedisCluster(new HostAndPort("localhost", 8379), - DefaultJedisClientConfig.builder().password("cluster").ssl(true) + DefaultJedisClientConfig.builder().password("cluster") + .sslOptions(SslOptions.builder() + .truststore(new File("src/test/resources/truststore.jceks")) + .trustStoreType("jceks").build()) .hostnameVerifier(localhostVerifier).hostAndPortMapper(portMap).build(), DEFAULT_REDIRECTIONS, DEFAULT_POOL_CONFIG)) { jc3.get("foo");