grpc
/
grpc-java
mirror of https://github.com/grpc/grpc-java.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use empty string instead of null for endpoint identification algorithm to disable server hostname verification, since null value gets ignored in Sun's SSLEngine implementation.

This commit is contained in:
Kannan J 2024-03-28 10:14:36 +00:00 committed by Eric Anderson
parent 00649913b0
commit 097a46b761
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
xds/src/main/java/io/grpc/xds/internal/security/trust/XdsX509TrustManager.java
View File

@ -229,7 +229,7 @@ final class XdsX509TrustManager extends X509ExtendedTrustManager implements X509
SSLSocket sslSocket = (SSLSocket) socket; SSLSocket sslSocket = (SSLSocket) socket;
SSLParameters sslParams = sslSocket.getSSLParameters(); SSLParameters sslParams = sslSocket.getSSLParameters();
if (sslParams != null) { if (sslParams != null) {
sslParams.setEndpointIdentificationAlgorithm(null); sslParams.setEndpointIdentificationAlgorithm("");
sslSocket.setSSLParameters(sslParams); sslSocket.setSSLParameters(sslParams);
} }
} }
@ -242,7 +242,7 @@ final class XdsX509TrustManager extends X509ExtendedTrustManager implements X509
throws CertificateException { throws CertificateException {
SSLParameters sslParams = sslEngine.getSSLParameters(); SSLParameters sslParams = sslEngine.getSSLParameters();
if (sslParams != null) { if (sslParams != null) {
sslParams.setEndpointIdentificationAlgorithm(null); sslParams.setEndpointIdentificationAlgorithm("");
sslEngine.setSSLParameters(sslParams); sslEngine.setSSLParameters(sslParams);
} }
delegate.checkServerTrusted(chain, authType, sslEngine); delegate.checkServerTrusted(chain, authType, sslEngine);

2
xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
View File

@ -534,6 +534,7 @@ public class XdsX509TrustManagerTest {
CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE)); CertificateUtils.toX509Certificates(TlsTesting.loadCert(SERVER_1_PEM_FILE));
trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslEngine); trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslEngine);
verify(sslEngine, times(1)).getHandshakeSession(); verify(sslEngine, times(1)).getHandshakeSession();
assertThat(sslEngine.getSSLParameters().getEndpointIdentificationAlgorithm()).isEmpty();
} }
@Test @Test
@ -561,6 +562,7 @@ public class XdsX509TrustManagerTest {
trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslSocket); trustManager.checkServerTrusted(serverCerts, "ECDHE_ECDSA", sslSocket);
verify(sslSocket, times(1)).isConnected(); verify(sslSocket, times(1)).isConnected();
verify(sslSocket, times(1)).getHandshakeSession(); verify(sslSocket, times(1)).getHandshakeSession();
assertThat(sslSocket.getSSLParameters().getEndpointIdentificationAlgorithm()).isEmpty();
} }
@Test @Test