SSL Hostname Verifier for Camel Jetty using two way SSL

Solution Verified - Updated -

Issue

  • We want to enable / disable the SSL Hostname Verifier on our Camel Jetty HTTPS endpoint, which is set up for two way SSL. How can we do that?
  • Is there a default SSL Hostname Verification implementation active? If so, what is the behaviour of this implementation?

  • Our route looks something like:

from("jetty:https://0.0.0.0:8443/conext?sslContextParametersRef=#sslContextRef&handlers=org.eclipse.jetty.security.ConstraintSecurityHandler").......

This is pseudocode, because the Camel route is constructed using Java code and not using the Java Camel DSL.
The SSL context parameters are configured with:

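            // Classes are from org.apache.camel.util.jsse (SSLContextParameters, SSLContextServerParameters, ClientAuthentication)
            SSLContextParameters sslContextParameters = new SSLContextParameters();
            SSLContextServerParameters serverParameters = new SSLContextServerParameters();
            // Require every connecting client to present a certificate (two way SSL)
            serverParameters.setClientAuthentication( ClientAuthentication.REQUIRE.toString() );
            sslContextParameters.setServerParameters(serverParameters);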

The endpoint is accessed by third party SSL clients which are required to submit their certificates.

  • What is the default behaviour of the SSL Hostname Verifier when using Camel Jetty as a mutual SSL consumer? So will the Camel Jetty Consumer reject SSL clients for which the hostname does not match the SSL certificate? Is a reverse DNS lookup performed?

Environment

  • Red Hat JBoss Fuse
    • 6.2.x
  • Apache Camel
    • camel-jetty
