Skip to content

Commit

Permalink
Make TLS client HTTPS endpoint identification configurable (#1375)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jfallows
jfallows authored Jan 20, 2025
1 parent e79de8f commit be81cc9
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 1 deletion.
7 changes: 7 additions & 0 deletions ...ng-tls/src/main/java/io/aklivity/zilla/runtime/binding/tls/internal/TlsConfiguration.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ public class TlsConfiguration extends Configuration
public static final BooleanPropertyDef TLS_IGNORE_EMPTY_VAULT_REFS;
public static final LongPropertyDef TLS_AWAIT_SYNC_CLOSE_MILLIS;
public static final BooleanPropertyDef TLS_PROACTIVE_CLIENT_REPLY_BEGIN;
public static final BooleanPropertyDef TLS_CLIENT_HTTPS_IDENTIFICATION;
public static final BooleanPropertyDef TLS_VERBOSE;
public static final BooleanPropertyDef TLS_DEBUG;

Expand All @@ -40,6 +41,7 @@ public class TlsConfiguration extends Configuration
TLS_IGNORE_EMPTY_VAULT_REFS = config.property("ignore.empty.vault.refs", false);
TLS_AWAIT_SYNC_CLOSE_MILLIS = config.property("await.sync.close.millis", 3000L);
TLS_PROACTIVE_CLIENT_REPLY_BEGIN = config.property("proactive.client.reply.begin", false);
TLS_CLIENT_HTTPS_IDENTIFICATION = config.property("client.https.identification", true);
TLS_VERBOSE = config.property("verbose", TlsConfiguration::verboseDefault);
TLS_DEBUG = config.property("debug", TlsConfiguration::debugDefault);
TLS_CONFIG = config;
Expand Down Expand Up @@ -76,6 +78,11 @@ public boolean proactiveClientReplyBegin()
return TLS_PROACTIVE_CLIENT_REPLY_BEGIN.get(this);
}

public boolean clientHttpsIdentification()
{
return TLS_CLIENT_HTTPS_IDENTIFICATION.getAsBoolean(this);
}

public boolean verbose()
{
return TLS_VERBOSE.getAsBoolean(this);
Expand Down
9 changes: 8 additions & 1 deletion ...src/main/java/io/aklivity/zilla/runtime/binding/tls/internal/config/TlsBindingConfig.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,8 @@ public final class TlsBindingConfig

private SSLContext context;

private boolean clientHttpsIdentification;

public TlsBindingConfig(
BindingConfig binding)
{
Expand Down Expand Up @@ -123,6 +125,7 @@ public void init(
context.init(keyManagers, trustManagers, random);

this.context = context;
this.clientHttpsIdentification = config.clientHttpsIdentification();
}
catch (Exception ex)
{
Expand Down Expand Up @@ -231,7 +234,11 @@ public SSLEngine newClientEngine(
}

final SSLParameters parameters = engine.getSSLParameters();
parameters.setEndpointIdentificationAlgorithm("HTTPS");

if (clientHttpsIdentification)
{
parameters.setEndpointIdentificationAlgorithm("HTTPS");
}

if (sni != null)
{
Expand Down

0 comments on commit be81cc9

Please sign in to comment.