public interface HostnameVerifier extends HostnameVerifier
Our check() methods throw exceptions if the name is invalid, whereas javax.net.ssl.HostnameVerifier just returns true/false.
We provide the HostnameVerifier.DEFAULT, HostnameVerifier.STRICT, and HostnameVerifier.ALLOW_ALL implementations. We also provide the more specialized HostnameVerifier.DEFAULT_AND_LOCALHOST, as well as HostnameVerifier.STRICT_IE6. But feel free to define your own implementations! Inspired by Sebastian Hauer's original StrictSSLProtocolSocketFactory in the HttpClient "contrib" repository.Modifier and Type | Interface and Description |
---|---|
static class |
HostnameVerifier.AbstractVerifier |
static class |
HostnameVerifier.Certificates |
Modifier and Type | Field and Description |
---|---|
static HostnameVerifier |
ALLOW_ALL
The ALLOW_ALL HostnameVerifier essentially turns hostname verification
off.
|
static HostnameVerifier |
DEFAULT
The DEFAULT HostnameVerifier works the same way as Curl and Firefox.
|
static HostnameVerifier |
DEFAULT_AND_LOCALHOST
The DEFAULT_AND_LOCALHOST HostnameVerifier works like the DEFAULT
one with one additional relaxation: a host of "localhost",
"localhost.localdomain", "127.0.0.1", "::1" will always pass, no matter
what is in the server's certificate.
|
static HostnameVerifier |
STRICT
The STRICT HostnameVerifier works the same way as java.net.URL in Sun
Java 1.4, Sun Java 5, Sun Java 6.
|
static HostnameVerifier |
STRICT_IE6
The STRICT_IE6 HostnameVerifier works just like the STRICT one with one
minor variation: the hostname can match against any of the CN's in the
server's certificate, not just the first one.
|
Modifier and Type | Method and Description |
---|---|
void |
check(String[] hosts,
SSLSocket ssl) |
void |
check(String[] hosts,
String[] cns,
String[] subjectAlts)
Checks to see if the supplied hostname matches any of the supplied CNs
or "DNS" Subject-Alts.
|
void |
check(String[] hosts,
X509Certificate cert) |
void |
check(String host,
SSLSocket ssl) |
void |
check(String host,
String[] cns,
String[] subjectAlts) |
void |
check(String host,
X509Certificate cert) |
boolean |
verify(String host,
SSLSession session) |
static final HostnameVerifier DEFAULT
static final HostnameVerifier DEFAULT_AND_LOCALHOST
static final HostnameVerifier STRICT
static final HostnameVerifier STRICT_IE6
static final HostnameVerifier ALLOW_ALL
boolean verify(String host, SSLSession session)
verify
in interface HostnameVerifier
void check(String host, SSLSocket ssl) throws IOException
IOException
void check(String host, X509Certificate cert) throws SSLException
SSLException
void check(String host, String[] cns, String[] subjectAlts) throws SSLException
SSLException
void check(String[] hosts, SSLSocket ssl) throws IOException
IOException
void check(String[] hosts, X509Certificate cert) throws SSLException
SSLException
void check(String[] hosts, String[] cns, String[] subjectAlts) throws SSLException
cns
- CN fields, in order, as extracted from the X.509
certificate.subjectAlts
- Subject-Alt fields of type 2 ("DNS"), as extracted
from the X.509 certificate.hosts
- The array of hostnames to verify.SSLException
- If verification failed.Copyright © 2005-2017 Apache Software Foundation. All Rights Reserved.