From f80ccbbb57367f739fc8390a5669b0a1d4f82535 Mon Sep 17 00:00:00 2001
From: M Sazzadul Hoque <7600764+sazzad16@users.noreply.github.com>
Date: Sun, 24 Nov 2024 17:54:53 +0600
Subject: [PATCH] Limit HostnameVerifier only for legacy ssl config and document as JavaDoc in JedisClientConfig
---
 .../clients/jedis/DefaultJedisSocketFactory.java | 11 +++++++----
 .../java/redis/clients/jedis/JedisClientConfig.java | 11 ++++++-----
 2 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java b/src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java
index 564e409b98..ae9379d0c3 100644
--- a/src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java
+++ b/src/main/java/redis/clients/jedis/DefaultJedisSocketFactory.java
@@ -144,10 +144,13 @@ private Socket createSslSocket(HostAndPort _hostAndPort, Socket socket) throws I
 sslSocket.setSSLParameters(_sslParameters);
 }
 
- if (hostnameVerifier != null && !hostnameVerifier.verify(_hostAndPort.getHost(), sslSocket.getSession())) {
- String message = String.format("The connection to '%s' failed ssl/tls hostname verification.",
- _hostAndPort.getHost());
- throw new JedisConnectionException(message);
+ if (sslOptions != null) {
+ // limiting HostnameVerifier only for legacy ssl config
+ if (hostnameVerifier != null && !hostnameVerifier.verify(_hostAndPort.getHost(), sslSocket.getSession())) {
+ String message = String.format("The connection to '%s' failed ssl/tls hostname verification.",
+ _hostAndPort.getHost());
+ throw new JedisConnectionException(message);
+ }
 }
 
 return new SSLSocketWrapper(sslSocket, plainSocket);
diff --git a/src/main/java/redis/clients/jedis/JedisClientConfig.java b/src/main/java/redis/clients/jedis/JedisClientConfig.java
index 1c99195308..4bbdba1f6f 100644
--- a/src/main/java/redis/clients/jedis/JedisClientConfig.java
+++ b/src/main/java/redis/clients/jedis/JedisClientConfig.java
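Review bot: In `createSslSocket` (DefaultJedisSocketFactory.java) the new guard `if (sslOptions != null)` contradicts both the comment directly beneath it and the Javadoc this commit adds in JedisClientConfig, which say the HostnameVerifier applies only to the legacy SSL config and is ignored when SslOptions is set. As written, a caller on the legacy path (no SslOptions) who supplied a HostnameVerifier would no longer have it invoked, so a host/certificate mismatch that the verifier used to reject would pass this point without an exception. If the documented intent is the correct one, the condition should read `if (sslOptions == null) {`; a test that connects with an always-rejecting verifier and no SslOptions and expects `JedisConnectionException` would pin the behaviour. The start of the method is outside the hunk, so how `sslOptions` is consumed earlier is not visible here.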
@@ -73,8 +73,13 @@ default SSLParameters getSslParameters() {
 return null;
 }
 
+ default HostnameVerifier getHostnameVerifier() {
+ return null;
+ }
+
 /**
- * {@link JedisClientConfig#isSsl()} and {@link JedisClientConfig#getSslSocketFactory()} will be ignored if
+ * {@link JedisClientConfig#isSsl()}, {@link JedisClientConfig#getSslSocketFactory()} and
+ * {@link JedisClientConfig#getHostnameVerifier()} will be ignored if
 * {@link JedisClientConfig#getSslOptions() this} is set.
 * @return ssl options
 */
@@ -82,10 +87,6 @@ default SslOptions getSslOptions() {
 return null;
 }
 
- default HostnameVerifier getHostnameVerifier() {
- return null;
- }
-
 default HostAndPortMapper getHostAndPortMapper() {
 return null;
 }
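Review bot: `getHostnameVerifier()` is re-added above `getSslOptions()` with no Javadoc of its own, so the only statement that it is ignored when SslOptions is set sits on a different method, where someone configuring a verifier is unlikely to look. A short Javadoc on the getter would carry the restriction to the place it is configured, for example `/** Consulted only with the legacy ssl config; ignored if {@link #getSslOptions()} is set. */`. It would also help to state what the `null` default means for hostname checking, since the socket-factory hunk in this patch skips the verify call when the verifier is null; whether endpoint identification is enforced some other way in that case is not visible in this diff.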