From a07377180c0db9a1e18a7c80d3e16f7155d13259 Mon Sep 17 00:00:00 2001
From: idawda
Date: Mon, 16 Dec 2024 19:33:29 +0530
Subject: [PATCH] Use NoopHostname verifier in IAST Apache client
---
 .../apache/httpclient/ApacheHttpClientWrapper.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpClientWrapper.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpClientWrapper.java
index 690a44dda..5e2d549a4 100644
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpClientWrapper.java
+++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpClientWrapper.java
@@ -25,6 +25,7 @@
 import org.apache.http.conn.socket.ConnectionSocketFactory;
 import org.apache.http.conn.socket.PlainConnectionSocketFactory;
 import org.apache.http.conn.ssl.DefaultHostnameVerifier;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.entity.ByteArrayEntity;
 import org.apache.http.entity.StringEntity;
@@ -98,7 +99,7 @@ public ApacheHttpClientWrapper(int requestTimeoutInMillis) {
 .disableCookieManagement()
 .disableAuthCaching()
 .disableConnectionState()
- .setSSLHostnameVerifier(new DefaultHostnameVerifier())
+ .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
 .setDefaultRequestConfig(RequestConfig.custom()
 // Timeout in millis until a connection is established.
 .setConnectTimeout(requestTimeoutInMillis)
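Review bot: `.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)` in the `ApacheHttpClientWrapper` constructor switches hostname verification off unconditionally for every HTTPS request this client sends, so a certificate that chains to a trusted root is accepted whatever host it was issued for; the `SSLConnectionSocketFactory` change in `createHttpClientConnectionManager` (third hunk) does the same. Neither the commit message nor the code says why the IAST client needs this, so I would keep `new DefaultHostnameVerifier()` as the default and select the no-op verifier only behind an explicit opt-in. At minimum the line needs a comment recording the reason and the intended scope, for example `// IAST replay only: hostname check intentionally skipped, do not reuse this client for other endpoints`. The constructor body starts before and continues past this hunk.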
@@ -137,7 +138,7 @@ private static PoolingHttpClientConnectionManager createHttpClientConnectionMana
 RegistryBuilder.create()
 .register("http", PlainConnectionSocketFactory.getSocketFactory())
 .register("https", sslContext != null ?
- new SSLConnectionSocketFactory(sslContext) : SSLConnectionSocketFactory.getSocketFactory())
+ new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE) : SSLConnectionSocketFactory.getSocketFactory())
 .build());
 
 // We only allow one connection at a time to the backend.
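Review bot: The two arms of the ternary in `createHttpClientConnectionManager` now disagree: with a non-null `sslContext` the socket factory skips hostname verification, while the fallback `SSLConnectionSocketFactory.getSocketFactory()` keeps the library's default verifier. In HttpClient 4.x the builder-level `setSSLHostnameVerifier(...)` is documented as overridden by an explicitly set connection manager, so if this manager is handed to the builder (not visible in the hunk), this registry rather than the constructor call decides which verifier actually runs. Either give both arms an explicit verifier so the behaviour does not depend on whether a custom context was supplied, or add a comment stating the asymmetry is intended, e.g. `// verification is relaxed only when a custom SSLContext is supplied`. The method starts and ends outside the hunk.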