-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
verify_hostname not set, name potentially not verified in many situations #284
Comments
there is verification going on by default in the Java engine (when |
which callback do you mean? AFAIK |
In CRuby, the
verify_hostname
property of the ssl context is set to true on the first set_params call:latest jruby-openssl doesn't do this though:
I could narrow it down to
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
having:verify_hostname
set tonil
, which I couldn't pinpoint the why. Nevertheless, ,this means that jruby-openssl enabled code like net-http is by default foregoing SNI / hostname verification, as it seems to rely on it to fill in the SNI parameters (and not just the post connection verificationn, as this comment implies.jruby: jruby 9.4.2.0 (3.1.0) 2023-03-08 90d2913fda Java HotSpot(TM) 64-Bit Server VM 25.333-b02 on 1.8.0_333-b02 +jit [x86_64-darwin]
jruby-openssl: 0.14.2
The text was updated successfully, but these errors were encountered: