From what I can tell, there is no 'flag' or config setting I can use to enable SSL hostname verification in Netty. Examples I've seen add custom implementations using the ChannelFuture returned by SslHandler.handshake():
ChannelFuture handshakeFuture = sslHandler.handshake();
handshakeFuture.addListener(new ChannelFutureListener()
{
public void operationComplete(ChannelFuture future) throws Exception
{
if (future.isSuccess())
{
// get peer certs, verify CN (or SAN extension, or..?) against requested domain
...
I just want to make sure I'm on the right track here, and that I'm not missing a way to simply "enable" hostname verification.
解决方案
If you're using Java 7, you can do this by configuring the SSLSocket or SSLEngine to do it for you via