From 097a46b76171eb83f045c4c88d650dd833a7fa88 Mon Sep 17 00:00:00 2001
From: Kannan J
Date: Thu, 28 Mar 2024 10:14:36 +0000
Subject: [PATCH] Use empty string instead of null for endpoint identification algorithm to disable server hostname verification, since null value gets ignored in Sun's SSLEngine implementation.
---
 .../grpc/xds/internal/security/trust/XdsX509TrustManager.java | 4 ++--
 .../xds/internal/security/trust/XdsX509TrustManagerTest.java | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
index d5c6c174f0..6181d70fa5 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
@@ -229,7 +229,7 @@ final class XdsX509TrustManager extends X509ExtendedTrustManager implements X509
 SSLSocket sslSocket = (SSLSocket) socket;
 SSLParameters sslParams = sslSocket.getSSLParameters();
 if (sslParams != null) {
- sslParams.setEndpointIdentificationAlgorithm(null);
+ sslParams.setEndpointIdentificationAlgorithm("");
 sslSocket.setSSLParameters(sslParams);
 }
 }
@@ -242,7 +242,7 @@ final class XdsX509TrustManager extends X509ExtendedTrustManager implements X509
 throws CertificateException {
 SSLParameters sslParams = sslEngine.getSSLParameters();
 if (sslParams != null) {
- sslParams.setEndpointIdentificationAlgorithm(null);
+ sslParams.setEndpointIdentificationAlgorithm("");
 sslEngine.setSSLParameters(sslParams);
 }
 delegate.checkServerTrusted(chain, authType, sslEngine);
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
index 08512396a4..9ceb6f706f 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
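Review bot: The `""` passed to `setEndpointIdentificationAlgorithm` in the `SSLSocket` branch carries no comment saying why it must not be `null`, and the same bare literal is repeated in the `SSLEngine` overload in the second hunk, so a later cleanup could put either call back to the value that Sun's implementation ignores. I would add above each call `// "" (not null) disables JSSE endpoint identification; a null algorithm is ignored by Sun's implementation`, or pull the literal into one named constant used by both. Because this turns off the JDK hostname check on the caller's socket or engine before delegating, the comment should also name where the peer identity is verified instead; that check is not visible in these hunks (presumably this trust manager's own subject-alternative-name matching, to be confirmed). Both method bodies start outside the hunks.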
+++ b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
@@ -534,6 +534,7 @@ public class XdsX509TrustManagerTest {
 CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
 trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslEngine);
 verify(sslEngine, times(1)).getHandshakeSession();
+ assertThat(sslEngine.getSSLParameters().getEndpointIdentificationAlgorithm()).isEmpty();
 }

 @Test
@@ -561,6 +562,7 @@ public class XdsX509TrustManagerTest {
 trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslSocket);
 verify(sslSocket, times(1)).isConnected();
 verify(sslSocket, times(1)).getHandshakeSession();
+ assertThat(sslSocket.getSSLParameters().getEndpointIdentificationAlgorithm()).isEmpty();
 }

 @Test
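Review bot: The new assertion after `checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslEngine)` reads the algorithm back through `sslEngine.getSSLParameters()`, and since `sslEngine` is passed to `verify` it looks like a Mockito mock or spy, so the check may only see the stubbed `SSLParameters` object being mutated; the `sslSocket` assertion in the second hunk has the same shape. That pins the value written into the parameters object, but not the regression the commit describes, where an engine that had hostname verification enabled kept it because the `null` was ignored. The test setup is outside the hunks, so this is to be confirmed, but I would start from parameters preset to `"HTTPS"` (or add a case with a real engine from `SSLContext.getDefault().createSSLEngine()`) and also assert the write-back with `verify(sslEngine).setSSLParameters(any(SSLParameters.class));`.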