Enable host name verification for secure WebSocket client connections by

default.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1833757 13f79535-47bb-0310-9956-ffa450edef68

Author: markt-asf

java/org/apache/tomcat/websocket/WsWebSocketContainer.java

@@ -52,6 +52,7 @@
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.TrustManagerFactory;
 import javax.websocket.ClientEndpoint;
 import javax.websocket.ClientEndpointConfig;
@@ -328,7 +329,7 @@ private Session connectToServerRecursive(Endpoint endpoint,
             // Regardless of whether a non-secure wrapper was created for a
             // proxy CONNECT, need to use TLS from this point on so wrap the
             // original AsynchronousSocketChannel
-            SSLEngine sslEngine = createSSLEngine(userProperties);
+            SSLEngine sslEngine = createSSLEngine(userProperties, host, port);
             channel = new AsyncChannelWrapperSecure(socketChannel, sslEngine);
         } else if (channel == null) {
             // Only need to wrap as this point if it wasn't wrapped to process a
@@ -866,7 +867,7 @@ private String readLine(ByteBuffer response) {
     }
 
 
-    private SSLEngine createSSLEngine(Map<String,Object> userProperties)
+    private SSLEngine createSSLEngine(Map<String,Object> userProperties, String host, int port)
             throws DeploymentException {
 
         try {
@@ -904,7 +905,7 @@ private SSLEngine createSSLEngine(Map<String,Object> userProperties)
                 }
             }
 
-            SSLEngine engine = sslContext.createSSLEngine();
+            SSLEngine engine = sslContext.createSSLEngine(host, port);
 
             String sslProtocolsValue =
                     (String) userProperties.get(Constants.SSL_PROTOCOLS_PROPERTY);
@@ -914,6 +915,14 @@ private SSLEngine createSSLEngine(Map<String,Object> userProperties)
 
             engine.setUseClientMode(true);
 
+            // Enable host verification
+            // Start with current settings (returns a copy)
+            SSLParameters sslParams = engine.getSSLParameters();
+            // Use HTTPS since WebSocket starts over HTTP(S)
+            sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+            // Write the parameters back
+            engine.setSSLParameters(sslParams);
+
             return engine;
         } catch (Exception e) {
             throw new DeploymentException(sm.getString(

webapps/docs/changelog.xml

@@ -277,6 +277,10 @@
         Improve the handling of exceptions during TLS handshakes for the
         WebSocket client. (markt)
       </fix>
+      <fix>
+        Enable host name verification when using TLS with the WebSocket client.
+        (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Web applications">

webapps/docs/web-socket-howto.xml

@@ -110,10 +110,21 @@
      <li><code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code></li>
    </ul>
    <p>The default truststore password is <code>changeit</code>.</p>
-   <p>If the <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> property is
-      set then the <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code> and
-      <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code> properties
-      will be ignored.</p>
+
+<p>If the <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> property is
+   set then the <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE</code> and
+   <code>org.apache.tomcat.websocket.SSL_TRUSTSTORE_PWD</code> properties
+   will be ignored.</p>
+
+<p>For secure server end points, host name verification is enabled by default.
+   To bypass this verification (not recommended), it is necessary to provide a
+   custom <code>SSLContext</code> via the
+   <code>org.apache.tomcat.websocket.SSL_CONTEXT</code> user property. The
+   custom <code>SSLContext</code> must be configured with a custom
+   <code>TrustManager</code> that extends
+   <code>javax.net.ssl.X509ExtendedTrustManager</code>. The desired verification
+   (or lack of verification) can then be controlled by appropriate
+   implementations of the individual abstract methods.</p>
 
 <p>When using the WebSocket client to connect to server endpoints, the number of
    HTTP redirects that the client will follow is controlled by the