Hostname verification enabled for Http Clients when using TLS connect…

…ions (#111) (cherry picked from commit fe34ef1)
folio-org · Sep 3, 2024 · fe5a30c · fe5a30c
1 parent 475100f
commit fe5a30c
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/pom.xml b/pom.xml
@@ -31,7 +31,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <bc-fips.version>1.0.2.5</bc-fips.version>
-    <folio-tls-utils.version>1.5.2</folio-tls-utils.version>
+    <folio-tls-utils.version>1.5.6-SNAPSHOT</folio-tls-utils.version>
   </properties>
 
   <dependencyManagement>
@@ -154,6 +154,20 @@
       <groupId>org.folio</groupId>
       <artifactId>folio-tls-utils</artifactId>
       <version>${folio-tls-utils.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId> org.springframework.boot</groupId>
+          <artifactId>spring-boot-starter</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId> org.springframework.boot</groupId>
+          <artifactId>spring-boot</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId> org.springframework.boot</groupId>
+          <artifactId>spring-boot-starter-log4j2</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <!-- Only needed for VaultStore -->

diff --git a/src/main/java/org/folio/edge/core/utils/OkapiClient.java b/src/main/java/org/folio/edge/core/utils/OkapiClient.java
@@ -24,6 +24,7 @@
 import java.util.concurrent.TimeUnit;
 import java.util.function.Supplier;
 
+import static org.folio.common.utils.tls.Utils.IS_HOSTNAME_VERIFICATION_DISABLED;
 import static org.folio.edge.core.Constants.APPLICATION_JSON;
 import static org.folio.edge.core.Constants.HEADER_API_KEY;
 import static org.folio.edge.core.Constants.JSON_OR_TEXT;
@@ -85,7 +86,7 @@ protected OkapiClient(Vertx vertx, String okapiURL, String tenant, int timeout,
       .setSsl(true);
     if (trustOptions != null) {
       options.setTrustOptions(trustOptions);
-      options.setVerifyHost(false); //Hardcoded now. Later it could be configurable using env vars.
+      options.setVerifyHost(!IS_HOSTNAME_VERIFICATION_DISABLED);
     }
     client = WebClientFactory.getWebClient(vertx, options);
     initDefaultHeaders();