From 6375dac39b482b5f213067dc8525fff5ead936ba Mon Sep 17 00:00:00 2001 From: David Harrigan Date: Tue, 21 May 2024 16:26:33 +0100 Subject: [PATCH] Allow NoopHostNameVerifier to be set for SOCKS Proxy It's useful, during testing, when using a SOCKS Proxy, to allow the HostnameVerifier to be set to a NoopHostNameVerifier - similar to how *non SOCKS proxy* connections allow this to be done. This change allows a NoopHostNameVerifier to be used if the key `:insecure` (or `:insecure?`) is set `true` in the config settings during `make-socks-proxied-conn-manager`. -=david=- --- src/clj_http/conn_mgr.clj | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/clj_http/conn_mgr.clj b/src/clj_http/conn_mgr.clj index 111c64ff..e281fd4e 100644 --- a/src/clj_http/conn_mgr.clj +++ b/src/clj_http/conn_mgr.clj @@ -37,10 +37,11 @@ "Given a function that returns a new socket, create an SSLConnectionSocketFactory that will use that socket." ([socket-factory] - (SSLGenericSocketFactory socket-factory nil)) - ([socket-factory ^SSLContext ssl-context] - (let [^SSLContext ssl-context' (or ssl-context (SSLContexts/createDefault))] - (proxy [SSLConnectionSocketFactory] [ssl-context'] + (SSLGenericSocketFactory socket-factory nil nil)) + ([socket-factory ^SSLContext ssl-context ^HostnameVerifier hostname-verifier] + (let [^SSLContext ssl-context' (or ssl-context (SSLContexts/createDefault)) + ^HostnameVerifier hostname-verifier' (or hostname-verifier (DefaultHostnameVerifier.))] + (proxy [SSLConnectionSocketFactory] [ssl-context' hostname-verifier'] (connectSocket [timeout socket host remoteAddress localAddress context] (let [^SSLConnectionSocketFactory this this] ;; avoid reflection (proxy-super connectSocket timeout (socket-factory) host remoteAddress 
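Review bot: The two-argument arity `[socket-factory ssl-context]` of `SSLGenericSocketFactory` is replaced rather than kept next to the new three-argument one, so any caller outside this file that passes a socket factory and an `SSLContext` would now hit an arity error (assuming the var is public, which the hunk does not show). Keeping it as a delegating arity, `([socket-factory ssl-context] (SSLGenericSocketFactory socket-factory ssl-context nil))`, preserves the old call shape and still ends up on `DefaultHostnameVerifier`. The docstring should also say that a nil `hostname-verifier` falls back to `(DefaultHostnameVerifier.)`, because that fallback is what keeps hostname checking on for callers that do not opt out. The proxy body continues past the end of the hunk.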
@@ -114,7 +115,7 @@ [] (-> (SSLContexts/custom) (.loadTrustMaterial nil (reify TrustStrategy - (isTrusted [_ chain auth-type] true))) + (isTrusted [_ chain auth-type] true))) (.build))) (defn ^SSLContext get-ssl-context @@ -150,7 +151,7 @@ (let [socket-factory #(socks-proxied-socket hostname port) registry (into-registry {"http" (PlainGenericSocketFactory socket-factory) - "https" (SSLGenericSocketFactory socket-factory (get-ssl-context config))})] + "https" (SSLGenericSocketFactory socket-factory (get-ssl-context config) (get-hostname-verifier config))})] (PoolingHttpClientConnectionManager. registry)))) (defn ^BasicHttpClientConnectionManager make-regular-conn-manager
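Review bot: In the last hunk the `"https"` registry entry now takes its verifier from `(get-hostname-verifier config)`, but nothing at the call site or in a docstring records that `:insecure?` now also switches off hostname verification for SOCKS-proxied TLS. The commit message describes this as a testing aid, so I would add a comment above the registry such as `;; :insecure? turns off hostname verification here (test use only); default is DefaultHostnameVerifier`. The same sentence belongs in the docstring of `make-socks-proxied-conn-manager`, which starts outside the hunk. The diffstat lists only `conn_mgr.clj`, so no test pins the safe default. A test asserting that a manager built without `:insecure?` rejects a mismatched hostname would guard against a later change to `get-hostname-verifier`, whose body is not visible here.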