Switch HostnameVerificationPolicy to BUILTIN by default

Author: ok2c

httpclient5-testing/src/test/java/org/apache/hc/client5/testing/sync/TestTlsHandshakeTimeout.java

@@ -26,6 +26,20 @@
  */
 package org.apache.hc.client5.testing.sync;
 
+import static java.lang.String.format;
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static java.util.concurrent.TimeUnit.SECONDS;
+import static org.apache.hc.core5.util.ReflectionUtils.determineJRELevel;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assumptions.assumeFalse;
+
+import java.time.Duration;
+import java.time.temporal.ChronoUnit;
+
+import javax.net.ssl.SSLException;
+
 import org.apache.hc.client5.http.ConnectTimeoutException;
 import org.apache.hc.client5.http.classic.HttpClient;
 import org.apache.hc.client5.http.classic.methods.HttpGet;
@@ -37,26 +51,15 @@
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
+import org.apache.hc.client5.http.ssl.HostnameVerificationPolicy;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
 import org.apache.hc.client5.testing.SSLTestContexts;
 import org.apache.hc.client5.testing.tls.TlsHandshakeTimeoutServer;
 import org.apache.hc.core5.http.ClassicHttpRequest;
 import org.junit.jupiter.api.Timeout;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
 
-import javax.net.ssl.SSLException;
-import java.time.Duration;
-import java.time.temporal.ChronoUnit;
-
-import static java.lang.String.format;
-import static java.util.concurrent.TimeUnit.MILLISECONDS;
-import static java.util.concurrent.TimeUnit.SECONDS;
-import static org.apache.hc.core5.util.ReflectionUtils.determineJRELevel;
-import static org.junit.jupiter.api.Assertions.assertInstanceOf;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.junit.jupiter.api.Assumptions.assumeFalse;
-
 public class TestTlsHandshakeTimeout {
     private static final Duration EXPECTED_TIMEOUT = Duration.ofMillis(500);
 
@@ -69,7 +72,7 @@ void testTimeout(final boolean sendServerHello) throws Exception {
                 .setConnectTimeout(5, SECONDS)
                 .setSocketTimeout(5, SECONDS)
                 .build())
-            .setTlsSocketStrategy(new DefaultClientTlsStrategy(SSLTestContexts.createClientSSLContext()))
+            .setTlsSocketStrategy(new DefaultClientTlsStrategy(SSLTestContexts.createClientSSLContext(), HostnameVerificationPolicy.CLIENT, NoopHostnameVerifier.INSTANCE))
             .setDefaultTlsConfig(TlsConfig.custom()
                 .setHandshakeTimeout(EXPECTED_TIMEOUT.toMillis(), MILLISECONDS)
                 .build())

httpclient5/src/main/java/org/apache/hc/client5/http/ssl/AbstractClientTlsStrategy.java

@@ -97,9 +97,9 @@ abstract class AbstractClientTlsStrategy implements TlsStrategy, TlsSocketStrate
         this.supportedProtocols = supportedProtocols;
         this.supportedCipherSuites = supportedCipherSuites;
         this.sslBufferManagement = sslBufferManagement != null ? sslBufferManagement : SSLBufferMode.STATIC;
-        this.hostnameVerificationPolicy = hostnameVerificationPolicy != null ? hostnameVerificationPolicy : HostnameVerificationPolicy.BOTH;
-        this.hostnameVerifier = hostnameVerifier != null ? hostnameVerifier :
-                (this.hostnameVerificationPolicy == HostnameVerificationPolicy.BUILTIN ? NoopHostnameVerifier.INSTANCE : HttpsSupport.getDefaultHostnameVerifier());
+        this.hostnameVerificationPolicy = hostnameVerificationPolicy != null ? hostnameVerificationPolicy :
+                (hostnameVerifier != null ? HostnameVerificationPolicy.BOTH : HostnameVerificationPolicy.BUILTIN);
+        this.hostnameVerifier = hostnameVerifier;
     }
 
     /**

httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ClientTlsStrategyBuilder.java

@@ -226,16 +226,13 @@ private DefaultClientTlsStrategy buildImpl() {
         }
         final HostnameVerificationPolicy hostnameVerificationPolicyCopy = hostnameVerificationPolicy != null ? hostnameVerificationPolicy :
                 (hostnameVerifier == null ? HostnameVerificationPolicy.BUILTIN : HostnameVerificationPolicy.BOTH);
-        final HostnameVerifier hostnameVerifierCopy = hostnameVerifier != null ? hostnameVerifier :
-                (hostnameVerificationPolicyCopy == HostnameVerificationPolicy.CLIENT || hostnameVerificationPolicyCopy == HostnameVerificationPolicy.BOTH ?
-                        HttpsSupport.getDefaultHostnameVerifier() : NoopHostnameVerifier.INSTANCE);
         return new DefaultClientTlsStrategy(
                 sslContextCopy,
                 tlsVersionsCopy,
                 ciphersCopy,
                 sslBufferMode != null ? sslBufferMode : SSLBufferMode.STATIC,
                 hostnameVerificationPolicyCopy,
-                hostnameVerifierCopy);
+                hostnameVerifier);
     }
 
 }

httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ConscryptClientTlsStrategy.java

@@ -54,8 +54,8 @@ public class ConscryptClientTlsStrategy extends AbstractClientTlsStrategy {
     public static TlsStrategy getDefault() {
         return new ConscryptClientTlsStrategy(
                 SSLContexts.createDefault(),
-                HostnameVerificationPolicy.BOTH,
-                HttpsSupport.getDefaultHostnameVerifier());
+                HostnameVerificationPolicy.BUILTIN,
+                null);
     }
 
     public static TlsStrategy getSystemDefault() {
@@ -64,8 +64,8 @@ public static TlsStrategy getSystemDefault() {
                 HttpsSupport.getSystemProtocols(),
                 HttpsSupport.getSystemCipherSuits(),
                 SSLBufferMode.STATIC,
-                HostnameVerificationPolicy.BOTH,
-                HttpsSupport.getDefaultHostnameVerifier());
+                HostnameVerificationPolicy.BUILTIN,
+                null);
     }
 
     public ConscryptClientTlsStrategy(
@@ -107,7 +107,7 @@ public ConscryptClientTlsStrategy(
     }
 
     public ConscryptClientTlsStrategy(final SSLContext sslContext) {
-        this(sslContext, HttpsSupport.getDefaultHostnameVerifier());
+        this(sslContext, null);
     }
 
     @Override

httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultClientTlsStrategy.java

@@ -54,8 +54,8 @@ public class DefaultClientTlsStrategy extends AbstractClientTlsStrategy {
     public static DefaultClientTlsStrategy createDefault() {
         return new DefaultClientTlsStrategy(
                 SSLContexts.createDefault(),
-                HostnameVerificationPolicy.BOTH,
-                HttpsSupport.getDefaultHostnameVerifier());
+                HostnameVerificationPolicy.BUILTIN,
+                null);
     }
 
     /**
@@ -67,8 +67,8 @@ public static DefaultClientTlsStrategy createSystemDefault() {
                 HttpsSupport.getSystemProtocols(),
                 HttpsSupport.getSystemCipherSuits(),
                 SSLBufferMode.STATIC,
-                HostnameVerificationPolicy.BOTH,
-                HttpsSupport.getDefaultHostnameVerifier());
+                HostnameVerificationPolicy.BUILTIN,
+                null);
     }
 
     /**
@@ -127,7 +127,7 @@ public DefaultClientTlsStrategy(
             final String[] supportedCipherSuites,
             final SSLBufferMode sslBufferManagement,
             final HostnameVerifier hostnameVerifier) {
-        this(sslContext, supportedProtocols, supportedCipherSuites, sslBufferManagement, HostnameVerificationPolicy.CLIENT, hostnameVerifier);
+        this(sslContext, supportedProtocols, supportedCipherSuites, sslBufferManagement, null, hostnameVerifier);
     }
 
     public DefaultClientTlsStrategy(
@@ -147,7 +147,7 @@ public DefaultClientTlsStrategy(
     }
 
     public DefaultClientTlsStrategy(final SSLContext sslContext) {
-        this(sslContext, HttpsSupport.getDefaultHostnameVerifier());
+        this(sslContext, null);
     }
 
     @Override