Allow NoopHostNameVerifier to be set for SOCKS Proxy

dharrigan · dharrigan · commit 6375dac39b48 · 2024-05-21T16:26:33.000+01:00
It's useful, during testing, when using a SOCKS Proxy, to allow the
HostnameVerifier to be set to a NoopHostNameVerifier - similar to how
*non SOCKS proxy* connections allow this to be done.

This change allows a NoopHostNameVerifier to be used if the key
`:insecure` (or `:insecure?`) is set `true` in the config settings
during `make-socks-proxied-conn-manager`.

-=david=-
diff --git a/src/clj_http/conn_mgr.clj b/src/clj_http/conn_mgr.clj
@@ -37,10 +37,11 @@
   "Given a function that returns a new socket, create an
   SSLConnectionSocketFactory that will use that socket."
   ([socket-factory]
-   (SSLGenericSocketFactory socket-factory nil))
-  ([socket-factory ^SSLContext ssl-context]
-   (let [^SSLContext ssl-context' (or ssl-context (SSLContexts/createDefault))]
-     (proxy [SSLConnectionSocketFactory] [ssl-context']
+   (SSLGenericSocketFactory socket-factory nil nil))
+  ([socket-factory ^SSLContext ssl-context ^HostnameVerifier hostname-verifier]
+   (let [^SSLContext ssl-context' (or ssl-context (SSLContexts/createDefault))
+         ^HostnameVerifier hostname-verifier' (or hostname-verifier (DefaultHostnameVerifier.))]
+     (proxy [SSLConnectionSocketFactory] [ssl-context' hostname-verifier']
        (connectSocket [timeout socket host remoteAddress localAddress context]
          (let [^SSLConnectionSocketFactory this this] ;; avoid reflection
            (proxy-super connectSocket timeout (socket-factory) host remoteAddress
@@ -114,7 +115,7 @@
   []
   (-> (SSLContexts/custom)
       (.loadTrustMaterial nil (reify TrustStrategy
-                            (isTrusted [_ chain auth-type] true)))
+                               (isTrusted [_ chain auth-type] true)))
       (.build)))
 
 (defn ^SSLContext get-ssl-context
@@ -150,7 +151,7 @@
    (let [socket-factory #(socks-proxied-socket hostname port)
          registry (into-registry
                    {"http" (PlainGenericSocketFactory socket-factory)
-                    "https" (SSLGenericSocketFactory socket-factory (get-ssl-context config))})]
+                    "https" (SSLGenericSocketFactory socket-factory (get-ssl-context config) (get-hostname-verifier config))})]
      (PoolingHttpClientConnectionManager. registry))))
 
 (defn ^BasicHttpClientConnectionManager make-regular-conn-manager
