public interface

X509HostnameVerifier

implements HostnameVerifier
org.apache.http.conn.ssl.X509HostnameVerifier
Known Indirect Subclasses

Class Overview

Interface for checking if a hostname matches the names stored inside the server's X.509 certificate. Implements javax.net.ssl.HostnameVerifier, but we don't actually use that interface. Instead we added some methods that take String parameters (instead of javax.net.ssl.HostnameVerifier's SSLSession). JUnit is a lot easier this way! :-)

We provide the HostnameVerifier.DEFAULT, HostnameVerifier.STRICT, and HostnameVerifier.ALLOW_ALL implementations. But feel free to define your own implementation!

Inspired by Sebastian Hauer's original StrictSSLProtocolSocketFactory in the HttpClient "contrib" repository.

Summary

Public Methods
abstract boolean verify(String host, SSLSession session)
Verifies that the specified hostname is allowed within the specified SSL session.
abstract void verify(String host, X509Certificate cert)
abstract void verify(String host, SSLSocket ssl)
abstract void verify(String host, String[] cns, String[] subjectAlts)
Checks to see if the supplied hostname matches any of the supplied CNs or "DNS" Subject-Alts.
Inherited Methods
From interface javax.net.ssl.HostnameVerifier

Public Methods

public abstract boolean verify (String host, SSLSession session)

Since: API Level 1

Verifies that the specified hostname is allowed within the specified SSL session.

Parameters
host the hostname.
session the SSL session of the connection.
Returns
  • true if the specified hostname is allowed, otherwise false.

public abstract void verify (String host, X509Certificate cert)

Since: API Level 1

Throws
SSLException

public abstract void verify (String host, SSLSocket ssl)

Since: API Level 1

Throws
IOException

public abstract void verify (String host, String[] cns, String[] subjectAlts)

Since: API Level 1

Checks to see if the supplied hostname matches any of the supplied CNs or "DNS" Subject-Alts. Most implementations only look at the first CN, and ignore any additional CNs. Most implementations do look at all of the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards according to RFC 2818.

Parameters
host The hostname to verify.
cns CN fields, in order, as extracted from the X.509 certificate.
subjectAlts Subject-Alt fields of type 2 ("DNS"), as extracted from the X.509 certificate.
Throws
SSLException If verification failed.
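
The matching rule described for verify(String host, String[] cns, String[] subjectAlts), as an added example that is not code from the original page or from the org.apache.http implementations: it checks the first CN and every "DNS" Subject-Alt, and throws SSLException when nothing matches. The class name HostnameMatchExample, the sample names, and the wildcard policy (a "*" only as the entire leftmost label, standing for exactly one label) are assumptions made for the illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLException;

// Hypothetical class for illustration; not part of org.apache.http.
public class HostnameMatchExample {

    // Throws SSLException unless host matches the first CN or any "DNS" Subject-Alt.
    public static void verify(String host, String[] cns, String[] subjectAlts)
            throws SSLException {
        List<String> names = new ArrayList<String>();
        // Only the first CN is considered; additional CNs are ignored.
        if (cns != null && cns.length > 0 && cns[0] != null) names.add(cns[0]);
        if (subjectAlts != null) {
            for (String alt : subjectAlts) if (alt != null) names.add(alt);
        }
        if (host == null || names.isEmpty()) {
            throw new SSLException("no hostname or no certificate names to match");
        }
        String h = host.trim().toLowerCase(Locale.ROOT);
        for (String name : names) {
            if (matches(h, name.trim().toLowerCase(Locale.ROOT))) return;
        }
        throw new SSLException("hostname '" + host + "' does not match " + names);
    }

    // Assumed policy: "*." must be the whole leftmost label and covers exactly one label.
    static boolean matches(String host, String pattern) {
        if (!pattern.startsWith("*.")) return host.equals(pattern);
        String suffix = pattern.substring(1);           // e.g. ".example.com"
        if (suffix.indexOf('.', 1) < 0) return false;   // refuse "*.com"-style patterns
        if (!host.endsWith(suffix)) return false;
        String left = host.substring(0, host.length() - suffix.length());
        return !left.isEmpty() && left.indexOf('.') < 0;
    }

    public static void main(String[] args) throws SSLException {
        // Constructed sample names, not taken from a real certificate.
        String[] cns = { "www.example.com", "ignored.example.com" };
        String[] alts = { "example.com", "*.api.example.com" };
        verify("v1.api.example.com", cns, alts);        // matches the wildcard Subject-Alt
        try {
            verify("a.b.api.example.com", cns, alts);   // two labels under the wildcard
            throw new AssertionError("expected rejection");
        } catch (SSLException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```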