I want to use my own TrustManager, i.e., an X509TrustManager, for the checkServerTrusted method. Also, I need to do custom host name verification. I can see that SslContextBuilder takes a TrustManagerFactory. Here I want to pass my custom TrustManagerFactory.

Also, please suggest, how do I do custom hostname verification here.

Mosbius8
  • I am not sure what you are asking for... Just implement your own TrustManagerFactory that returns your X509TrustManager ? – Norman Maurer Dec 27 '18 at 08:38
  • Thanks @NormanMaurer, the trust manager part is done. I am checking how to do custom host name verification. I need the SSLSession and server details to do this. Netty by default doesn't provide a hostname verification parameter like HttpsURLConnection does. Please let me know if you have any reference. – Mosbius8 Dec 28 '18 at 09:20
  • We basically support the same abstraction as SSLEngine so whatever works there also works for netty. – Norman Maurer Dec 28 '18 at 14:08
  • Thanks for the update. For custom host name validation, I need a valid session with peer certificates. I tried at 3 places: 1. While building the SSL context. 2. When the channel was created. 3. At the SSLHandshakeFuture listener. Out of all, only the 3rd option seems to have an SSL session with the peer certificate. Is there any way I can get these values at 1 or 2, as doing hostname verification after the SSL handshake is completed is not a very good idea. Please suggest. – Mosbius8 Dec 31 '18 at 03:08
  • Maybe I am missing something but shouldn't you be able to do this in the X509TrustManagerFactory with the `getHandshakeSession()` method ? Something similar to what the JDK implementation is doing https://github.com/AdoptOpenJDK/openjdk-jdk11u/blob/master/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java#L1583 – Norman Maurer Dec 31 '18 at 06:53

0 Answers
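The approach suggested in the last comment, as an added example that is not part of the original thread or of Netty's code: an `X509ExtendedTrustManager` that reads `getHandshakeSession()` inside `checkServerTrusted`, so the host check runs during the handshake rather than after it. The class name `HostCheckingTrustManager` and the exact-match dNSName rule are assumptions standing in for whatever custom policy is needed.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

// Added example. Class name and the exact-match dNSName policy are assumptions.
public final class HostCheckingTrustManager extends X509ExtendedTrustManager {
    private final X509ExtendedTrustManager delegate; // JDK default path validation

    public HostCheckingTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store
        X509ExtendedTrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509ExtendedTrustManager) found = (X509ExtendedTrustManager) tm;
        if (found == null) throw new IllegalStateException("no X509ExtendedTrustManager");
        delegate = found;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
            throws CertificateException {
        delegate.checkServerTrusted(chain, authType, engine); // chain validation first
        // The handshake session exists only while the handshake is in progress.
        SSLSession hs = engine.getHandshakeSession();
        if (hs == null || hs.getPeerHost() == null)
            throw new CertificateException("no handshake session or peer host");
        verifyHost(hs.getPeerHost(), chain[0]);
    }

    // Custom rule goes here; this one accepts only an exact dNSName (SAN type 2) match.
    static void verifyHost(String host, X509Certificate leaf) throws CertificateException {
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
        if (sans != null)
            for (List<?> san : sans)
                if (Integer.valueOf(2).equals(san.get(0))
                        && host.equalsIgnoreCase((String) san.get(1))) return;
        throw new CertificateException("certificate does not match host " + host);
    }

    // Fail closed on every path that cannot supply the engine's handshake session.
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException { throw new CertificateException("SSLEngine required"); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { throw new CertificateException("SSLEngine required"); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { throw new CertificateException("client auth not supported"); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { throw new CertificateException("client auth not supported"); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { throw new CertificateException("client auth not supported"); }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

The engine reports a peer host only if it was created with one, for example through `SslContext.newHandler(alloc, host, port)` in Netty; otherwise this trust manager rejects the connection.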