Merge "ldap: ignore host name verification if not sslVerify for startTLS"

David Pursehouse
2018-05-27 23:25:59 +00:00
committed by Gerrit Code Review
2 changed files with 35 additions and 0 deletions


@@ -24,6 +24,7 @@ import com.google.gerrit.server.account.AuthenticationFailedException;
import com.google.gerrit.server.auth.NoSuchUserException; import com.google.gerrit.server.auth.NoSuchUserException;
import com.google.gerrit.server.config.ConfigUtil; import com.google.gerrit.server.config.ConfigUtil;
import com.google.gerrit.server.config.GerritServerConfig; import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.util.ssl.BlindHostnameVerifier;
import com.google.gerrit.util.ssl.BlindSSLSocketFactory; import com.google.gerrit.util.ssl.BlindSSLSocketFactory;
import com.google.inject.Inject; import com.google.inject.Inject;
import com.google.inject.Singleton; import com.google.inject.Singleton;
@@ -139,6 +140,7 @@ class Helper {
SSLSocketFactory sslfactory = null; SSLSocketFactory sslfactory = null;
if (!sslVerify) { if (!sslVerify) {
sslfactory = (SSLSocketFactory) BlindSSLSocketFactory.getDefault(); sslfactory = (SSLSocketFactory) BlindSSLSocketFactory.getDefault();
tls.setHostnameVerifier(BlindHostnameVerifier.getInstance());
} }
tls.negotiate(sslfactory); tls.negotiate(sslfactory);
ctx.addToEnvironment(STARTTLS_PROPERTY, tls); ctx.addToEnvironment(STARTTLS_PROPERTY, tls);
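Review bot: The `if (!sslVerify)` branch in the second hunk now switches off host name checking on top of the already blind socket factory, and nothing at this spot tells an operator or a later maintainer that the StartTLS session then gives no server authentication at all. With both checks off, any party able to sit on the connection path can present an arbitrary certificate and receive the LDAP bind credentials. The branch deserves a comment such as `// sslVerify=false: certificate chain and host name are both unchecked; the LDAP server is not authenticated`, and, if a logger is available in Helper, a warning when this path is taken. The enclosing method starts and ends outside the hunk, so whether the setting is already reported elsewhere cannot be seen from here.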


@@ -0,0 +1,33 @@
// Copyright (C) 2018 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.util.ssl;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
/** HostnameVerifier that ignores host name. */
public class BlindHostnameVerifier implements HostnameVerifier {
private static final HostnameVerifier INSTANCE = new BlindHostnameVerifier();
public static HostnameVerifier getInstance() {
return INSTANCE;
}
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
}
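Review bot: `BlindHostnameVerifier` is a public, non-final class with an implicit public constructor, so the `getInstance()` singleton is not enforced and the accept-everything `verify` can be instantiated or subclassed from any caller. Declaring it `public final class BlindHostnameVerifier implements HostnameVerifier {` and adding `private BlindHostnameVerifier() {}` keeps the single instance the only one. The Javadoc should also say more than "ignores host name": state that `verify` returns true for every host, that this removes server identity checking from the TLS session, and that the class is intended only for connections where verification has been explicitly disabled by configuration.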