Don't verify host name when sslVerify is false
Native git also doesn't verify host names when http.sslVerify=false.
See native git's commit a5ccc597.
See: http://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02047.html
Change-Id: I42f509fea8e4ac89fad646aec3dfbf1753ae7e3d
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
index 12a94fa..9816d97 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransportHttp.java
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2008-2010, Google Inc.
* Copyright (C) 2008, Shawn O. Pearce <spearce@spearce.org>
+ * Copyright (C) 2013, Matthias Sohn <matthias.sohn@sap.com>
* and other copyright owners as documented in the project's IP log.
*
* This program and the accompanying materials are made available
@@ -83,8 +84,10 @@
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
+import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
@@ -532,6 +535,7 @@ private void disableSslVerify(URLConnection conn)
ctx.init(null, trustAllCerts, null);
final HttpsURLConnection sslConn = (HttpsURLConnection) conn;
sslConn.setSSLSocketFactory(ctx.getSocketFactory());
+ sslConn.setHostnameVerifier(new DummyHostnameVerifier());
} catch (KeyManagementException e) {
throw new IOException(e.getMessage());
} catch (NoSuchAlgorithmException e) {
@@ -980,4 +984,11 @@ public void checkServerTrusted(X509Certificate[] certs, String authType) {
// no check
}
}
+
+ private static class DummyHostnameVerifier implements HostnameVerifier {
+ public boolean verify(String hostname, SSLSession session) {
+ // always accept
+ return true;
+ }
+ }
}
