CODEWITHSUNDEEP
sslcertificatecxfjax-rscruisecontrol.net
Alex
Alex

Reputation: 391

how to disable CN checking for CXF 3.0.0+ jax-rs 2.0 client

I don't know how to programmatically disable CN checking with CXF 3.0.4 JAX-RS 2.0 client. My code is as follows: 

     System.setProperty("jsse.enableSNIExtension", "false"); 
        HttpsURLConnection.setDefaultHostnameVerifier( 
        new HostnameVerifier(){ 

            public boolean verify(String hostname, 
                    SSLSession sslSession) { 

                    return true; 
            
            } 
        }); 
            Client client = ClientBuilderImpl.newClient(); 
            String urlHost = "https://" + centralNode; 
            WebTarget target = client.target(urlHost).path(BASE_SERVICE_URL); 
            String encodedpw = Base64.encodeBase64String(passwd.getBytes()); 
            String body = "{\"uid\" : \"" + uid + "\",\"password\": \"" + encodedpw + "\"}"; 
            Response res = target.request(MediaType.APPLICATION_JSON).post(Entity.entity(body, MediaType.APPLICATION_JSON));

As you can see, I already tried to override the default hostnameverifier, and set jsse.enableSNIExtension to false. None of these worked, i am still getting the exception:

"The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore. Make sure server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true."

Please help!

Upvotes: 4

Views: 8313

Answers (1)

sinan selimoglu
sinan selimoglu

Reputation: 113

You are looking for this code snippet;

       HTTPConduit httpConduit=(HTTPConduit)ClientProxy.getClient(SAMPLE_PORT).getConduit();
       TLSClientParameters tlsCP = new TLSClientParameters();
       tlsCP.setDisableCNCheck(true);
       httpConduit.setTlsClientParameters(tlsCP);

Always use this code in test environment.!

Upvotes: 7

Related Questions