Skip TLS SAN checks in with self-signed trust strategy

fido-device-onboard · Sep 11, 2024 · 5ea1b66 · 5ea1b66
1 parent 47e699b
commit 5ea1b66
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/HttpClient.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/HttpClient.java
@@ -239,7 +239,7 @@ && index < getInstructions().size()
         if (getRequest().getMsgType() == MsgType.TO0_HELLO) {
           logger.info("Failed TO0 with error: " + e.getMessage());
         }
-        
+
         throw new IOException(e);
       }
 
@@ -281,6 +281,7 @@ public void run() {
 
       }
     } catch (IOException e) {
+      logger.info(e);
       throw new RuntimeException("Unable to establish connection with FDO Server");
     } catch (Throwable throwable) {
       if (getResponse() != null

diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/SelfSignedHttpClientSupplier.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/SelfSignedHttpClientSupplier.java
@@ -7,6 +7,8 @@
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
 import org.apache.http.impl.client.CloseableHttpClient;
@@ -19,13 +21,18 @@ public class SelfSignedHttpClientSupplier implements HttpClientSupplier {
   private static final SSLConnectionSocketFactory socketFactory = buildFactory();
 
   static SSLConnectionSocketFactory buildFactory() {
+    HostnameVerifier hostnameVerifier = new HostnameVerifier() {
+        @Override
+        public boolean verify(String hostname, SSLSession session) {
+            return true;
+        }
+    };
 
     try {
       logger.warn("Using SSL self-signed certificate trust strategy for Http Clients");
       SSLContextBuilder builder = new SSLContextBuilder();
       builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
-      return new SSLConnectionSocketFactory(
-          builder.build());
+      return new SSLConnectionSocketFactory(builder.build(), hostnameVerifier);
     } catch (NoSuchAlgorithmException e) {
       throw new RuntimeException(e);
     } catch (KeyStoreException | KeyManagementException e) {