From 8fcde4b31b36205ea6ef673808489943e4aca3ef Mon Sep 17 00:00:00 2001 From: Matthias Sohn Date: Sun, 3 Mar 2013 21:54:48 +0100 Subject: Don't verify host name when sslVerify is false Native git also doesn't verify host names when http.sslVerify=false. See native git's commit a5ccc597. See: http://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02047.html Change-Id: I42f509fea8e4ac89fad646aec3dfbf1753ae7e3d Signed-off-by: Matthias Sohn --- .../src/org/eclipse/jgit/transport/TransportHttp.java | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java index 12a94fae2f..9816d97808 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java @@ -1,6 +1,7 @@ /* * Copyright (C) 2008-2010, Google Inc. * Copyright (C) 2008, Shawn O. Pearce + * Copyright (C) 2013, Matthias Sohn * and other copyright owners as documented in the project's IP log. * * This program and the accompanying materials are made available @@ -83,8 +84,10 @@ import java.util.TreeMap; import java.util.zip.GZIPInputStream; import java.util.zip.GZIPOutputStream; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; @@ -532,6 +535,7 @@ public class TransportHttp extends HttpTransport implements WalkTransport, ctx.init(null, trustAllCerts, null); final HttpsURLConnection sslConn = (HttpsURLConnection) conn; sslConn.setSSLSocketFactory(ctx.getSocketFactory()); + sslConn.setHostnameVerifier(new DummyHostnameVerifier()); } catch (KeyManagementException e) { throw new IOException(e.getMessage()); } catch (NoSuchAlgorithmException e) { @@ -980,4 +984,11 @@ public class TransportHttp extends HttpTransport implements WalkTransport, // no check } } + + private static class DummyHostnameVerifier implements HostnameVerifier { + public boolean verify(String hostname, SSLSession session) { + // always accept + return true; + } + } } -- cgit v1.2.3