modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java [287:335]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - private SSLSetupHandler createSSLSetupHandler(final String hostnameVerifier, final CertificateVerificationConfig cvConfig) throws AxisFault { return new SSLSetupHandler() { @Override public void initalize(SSLEngine sslengine) { } @Override public void verify(IOSession ioSession, SSLSession session) throws SSLException { SocketAddress remoteAddress = ioSession.getRemoteAddress(); String address; if (remoteAddress instanceof InetSocketAddress) { address = ((InetSocketAddress) remoteAddress).getHostName(); } else { address = remoteAddress.toString(); } boolean valid = false; //Do HostName verification. if (hostnameVerifier != null) { if ("Strict".equals(hostnameVerifier)) { valid = HostnameVerifier.STRICT.verify(address, session); } else if ("AllowAll".equals(hostnameVerifier)) { valid = HostnameVerifier.ALLOW_ALL.verify(address, session); } else if ("DefaultAndLocalhost".equals(hostnameVerifier)) { valid = HostnameVerifier.DEFAULT_AND_LOCALHOST.verify(address, session); } } else { valid = HostnameVerifier.DEFAULT.verify(address, session); } if (!valid) { throw new SSLException("Host name verification failed for host : " + address); } if (cvConfig != null) { try { ocspCrl.verifyRevocationStatus(session.getPeerCertificateChain(), cvConfig.getCacheSize(), cvConfig.getCacheDuration()); } catch (CertificateVerificationException e) { throw new SSLException("Certificate chain validation failed for host : " + address, e); } } } }; } - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSSLSender.java [289:338]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - private SSLSetupHandler createSSLSetupHandler(final String hostnameVerifier, final CertificateVerificationConfig cvConfig) throws AxisFault { return new SSLSetupHandler() { @Override public void initalize(SSLEngine sslengine) { } @Override public void verify(IOSession ioSession, SSLSession session) throws SSLException { SocketAddress remoteAddress = ioSession.getRemoteAddress(); String address; if (remoteAddress instanceof InetSocketAddress) { address = ((InetSocketAddress) remoteAddress).getHostName(); } else { address = remoteAddress.toString(); } boolean valid = false; //Do HostName verification. if (hostnameVerifier != null) { if ("Strict".equals(hostnameVerifier)) { valid = HostnameVerifier.STRICT.verify(address, session); } else if ("AllowAll".equals(hostnameVerifier)) { valid = HostnameVerifier.ALLOW_ALL.verify(address, session); } else if ("DefaultAndLocalhost".equals(hostnameVerifier)) { valid = HostnameVerifier.DEFAULT_AND_LOCALHOST.verify(address, session); } } else { valid = HostnameVerifier.DEFAULT.verify(address, session); } if (!valid) { throw new SSLException("Host name verification failed for host : " + address); } if (cvConfig != null) { //Do revocation verification of Certificates try { ocspCrl.verifyRevocationStatus(session.getPeerCertificateChain(), cvConfig.getCacheSize(), cvConfig.getCacheDuration()); } catch (CertificateVerificationException e) { throw new SSLException("Certificate chain validation failed for host : " + address, e); } } } }; } - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -