]> source.dussan.org Git - jgit.git/commitdiff
projects / jgit.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 82abba5)
Don't verify host name when sslVerify is false 09/10809/2
authorMatthias Sohn <matthias.sohn@sap.com>
Sun, 3 Mar 2013 20:54:48 +0000 (21:54 +0100)
committerGerrit Code Review @ Eclipse.org <gerrit@eclipse.org>
Wed, 20 Mar 2013 00:39:38 +0000 (20:39 -0400)
Native git also doesn't verify host names when http.sslVerify=false.
See native git's commit a5ccc597.

See: http://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02047.html
Change-Id: I42f509fea8e4ac89fad646aec3dfbf1753ae7e3d
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java patch | blob | history

diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
index 12a94fae2f940628b238865bc66da3075e960a92..9816d97808a2ea406f0c2571fe694f48322e4184 100644 (file)
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
@@ -1,6 +1,7 @@
 /*
  * Copyright (C) 2008-2010, Google Inc.
  * Copyright (C) 2008, Shawn O. Pearce <spearce@spearce.org>
+ * Copyright (C) 2013, Matthias Sohn <matthias.sohn@sap.com>
  * and other copyright owners as documented in the project's IP log.
  *
  * This program and the accompanying materials are made available
@@ -83,8 +84,10 @@ import java.util.TreeMap;
 import java.util.zip.GZIPInputStream;
 import java.util.zip.GZIPOutputStream;
 
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 
@@ -532,6 +535,7 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
                        ctx.init(null, trustAllCerts, null);
                        final HttpsURLConnection sslConn = (HttpsURLConnection) conn;
                        sslConn.setSSLSocketFactory(ctx.getSocketFactory());
+                       sslConn.setHostnameVerifier(new DummyHostnameVerifier());
                } catch (KeyManagementException e) {
                        throw new IOException(e.getMessage());
                } catch (NoSuchAlgorithmException e) {
@@ -980,4 +984,11 @@ public class TransportHttp extends HttpTransport implements WalkTransport,
                        // no check
                }
        }
+
+       private static class DummyHostnameVerifier implements HostnameVerifier {
+               public boolean verify(String hostname, SSLSession session) {
+                       // always accept
+                       return true;
+               }
+       }
 }
JGit, the Java implementation of git: https://github.com/eclipse-jgit/jgit