Comments (5)
Hello,
Thank you for your input regarding the unsafe hostname verifier and trustmanager. My intention was to provide information to the end user when they use it. It is unsafe and I thought it would be good for their monitoring by logging which client/server they allow. This is especially handy when they want to analyse the logs for an audit, for example within an enterprise environment.
I can understand you and your frustration and there are multiple ways to solve this issue, and you already mentioned one by setting the log level to debug in the library. There is also another way by turning off the logs for a specific class regardless of their log level. Have you tried it out?
If you are using logback your configuration would look like:
<configuration>
    <logger name="nl.altindag.ssl.hostnameverifier.UnsafeHostnameVerifier" level="OFF"/>
    <logger name="nl.altindag.ssl.trustmanager.UnsafeX509ExtendedTrustManager" level="OFF"/>
</configuration>
What logging implementation are you using? I can help you with the actual configuration.
from sslcontext-kickstart.
i am deploying code on an application server where i don't have control over the logging infrastructure. changing/disabling the logger is not an option for me.
for the moment i bypassed the issue by simply using a custom hostname verifier and trustmanager which does the same except for logging. if there would be official support to disable the logging or alternatively offer two implementations of the unsafe classes with and without logging this would allow me to get rid of local implementations.
two implementations could be used as simple as this:
default with logging:
.withTrustingAllCertificatesWithoutValidation()
without logging:
.withTrustingAllCertificatesWithoutValidationAndLogging()
and the same for hostnameverifier
from sslcontext-kickstart.
I have created a pull request which removes all logging within the UnsafeTrustManager and UnsafeHostnameVerifier. After rethinking this use case, it is indeed a bit verbose for the end-user to get all these warning logs, as the end-user already has decided upfront to use the Unsafe variant so additional logs would not be needed to inform them. Please let me know if the adjusted code would do the trick for you.
from sslcontext-kickstart.
looks good. thanks
from sslcontext-kickstart.
The changes will be available at version 7.0.2 today
from sslcontext-kickstart.