SSL Hostname Verifier for Camel Jetty using two way SSL
Issue
- We want to enable / disable SSL Hostname Verifier on our Camel Jetty HTTPS endpoint which is set up for two way SSL. How can we do that?
- Is there a default SSL Hostname Verification implementation active? If so, what is the behaviour of this implementation?
- Our route looks something like:
from("jetty:https://0.0.0.0:8443/conext?sslContextParametersRef=#sslContextRef&handlers=org.eclipse.jetty.security.ConstraintSecurityHandler").......
It is pseudo code, because the Camel route is constructed using Java code and not using the Java Camel DSL.
The SSL Context Parameters are configured with:
SSLContextParameters sslContextParameters = new SSLContextParameters();
SSLContextServerParameters serverParameters = new SSLContextServerParameters();
// Require every client to present a certificate (two way SSL)
serverParameters.setClientAuthentication(ClientAuthentication.REQUIRE.toString());
sslContextParameters.setServerParameters(serverParameters);
The endpoint is accessed by third party SSL clients which are required to submit their certificates.
- What is the default behaviour of the SSL Hostname Verifier when using Camel Jetty as a mutual SSL consumer? Will the Camel Jetty consumer reject SSL clients for which the hostname does not match the SSL certificate? Is a reverse DNS lookup performed?
Environment
- Red Hat JBoss Fuse
  - 6.2.x
- Apache Camel
  - camel-jetty