org.apache.http.conn.ssl.X509HostnameVerifier |
Known Indirect Subclasses
|
Class Overview
Interface for checking if a hostname matches the names stored inside the
server's X.509 certificate. Implements javax.net.ssl.HostnameVerifier, but
we don't actually use that interface. Instead we added some methods that
take String parameters (instead of javax.net.ssl.HostnameVerifier's
SSLSession). JUnit is a lot easier this way! :-)
We provide the HostnameVerifier.DEFAULT, HostnameVerifier.STRICT, and
HostnameVerifier.ALLOW_ALL implementations. But feel free to define
your own implementation!
Inspired by Sebastian Hauer's original StrictSSLProtocolSocketFactory in the
HttpClient "contrib" repository.
Public Methods
public
abstract
boolean
verify
(String host, SSLSession session)
Verifies that the specified hostname is allowed within the specified SSL
session.
Parameters
host
| the hostname. |
session
| the SSL session of the connection. |
Returns
true
if the specified hostname is allowed, otherwise
false
.
public
abstract
void
verify
(String host, String[] cns, String[] subjectAlts)
Checks to see if the supplied hostname matches any of the supplied CNs
or "DNS" Subject-Alts. Most implementations only look at the first CN,
and ignore any additional CNs. Most implementations do look at all of
the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards
according to RFC 2818.
Parameters
host
| The hostname to verify. |
cns
| CN fields, in order, as extracted from the X.509
certificate. |
subjectAlts
| Subject-Alt fields of type 2 ("DNS"), as extracted
from the X.509 certificate. |