Certificate Checking
Issue #4
wontfix
You advise in your documentation not to override the default hostnameVerifier.
TcpConnectionConfiguration tcpConfiguration = TcpConnectionConfiguration.builder()
.hostnameVerifier(hostnameVerifier)
However, I don't think you currently support the ability to connect securely to a server with a certificate which has a name miss-match with the domain. Without overriding it to always return true, the following exception is thrown.
java.io.IOException: javax.xml.stream.XMLStreamException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching domain.com found
Turning off ssl allows this connection, but you may still want a secure connection regardless of the validity of the certificate.
It would be nice if you could handle this scenario without having to overriding hostnameVerifier.
The desired behaviour of an application in this scenario would be to popup a dialog asking the user if they want to continue connecting to the server having reviewed the certificate. Currently the connection to the server is terminated by an exception. Would it be possible for a check to be made on the severs certificates, before the full connection step. In this way the details of the certificate can be relayed to the user of the application before a decision is made?
Comments (3)
-
repo owner
-
repo owner
Do you have any further comments on this? Otherwise I will close this soon, because UI dialogs are not part of this library.
-
repo owner
- changed status to wontfix
- Log in to comment
Hi,
prior to checking the hostname, the author of this blog called my attention to a security vulnerability and rightfully asked me to fix it (which is now done). http://op-co.de/blog/posts/java_sslsocket_mitm/
If your server has different certificates than its domain, you have a security issue, described in the blog (MitM attacks). The idea is, if you know the implications you could ignore this by providing your own hostname verifier.
If I removed the default hostname verification again, there would be again a security hole, which I am trying to avoid of course.
Popping up a dialog is out of scope of this library, because it depends on the used UI technology (i.e. Swing or JavaFX). My suggested solution is to use your custom HostnameVerifier and popup a dialog in it. Then return true of false, depending on the user's choice.