Is there a way for the standard java SSL sockets to disable hostname verfication for ssl connections with a property? The only way I found until now, is to write a hostname verifier which returns true all the time.
Weblogic provides this possibility, it is possible to disable the hostname verification with the following property:
-Dweblogic.security.SSL.ignoreHostnameVerify
解决方案
It should be possible to create custom java agent that overrides default HostnameVerifier:
import javax.net.ssl.*;
import java.lang.instrument.Instrumentation;
public class LenientHostnameVerifierAgent {
public static void premain(String args, Instrumentation inst) {
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
}
}
Then just add -javaagent:LenientHostnameVerifierAgent.jar to program's java startup arguments.
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
