quarkus Rest Client: Add property to skip hostname verification

trafficstars

Before these changes, we only can disable the hostname verification in Rest Client classic by providing the following property:

quarkus.rest-client.extensions-api.hostname-verifier=io.quarkus.restclient.NoopHostnameVerifier

However, this is not working in Rest Client reactive because setting a hostname verifier strategy is not supported by the Vert-x HTTP Client.

With these changes, we have added a new property in both Rest Client classic and reactive quarkus.rest-client.extensions-api.verify-host=true or false. In Rest Client classic, when disabling the verify host, internally it will add the NoopHostnameVerifier strategy. In Rest Client reactive, it will properly configure the Vert.x HTTP client to disable the hostname verification. Therefore, in both Rest Client implementations (classic and reactive), the behaviour is the same.

Fix https://github.com/quarkusio/quarkus/issues/27901

Sep 15 '22 07:09 Sgitario

@famod mind trying this out?

Sep 15 '22 09:09 geoand

@geoand I'd love to, but right now I'm standing in the middle of chaos because on the weekend we're finally relocating to our new house. So better not wait for me.

Sep 15 '22 10:09 famod

Hope all goes well with the move :)

Sep 15 '22 10:09 geoand

@Chexpir would you like to test this before we merge it?

Sep 15 '22 10:09 geoand

@geoand thanks for the proposition, no need to test it. I've reviewed the code and I trust that it will work! Anyway, it will be useful to know the process to build and test github branches, it might become handy in the future, as we are into Quarkus for the long term! (I have searched and could not find anything).

Sep 23 '22 06:09 Chexpir

I would say that the easiest way to checkout a Pull Request is following this. Once that is done, you can build it locally by following this.

Sep 23 '22 06:09 geoand

@Chexpir were you able to test this one?

Oct 19 '22 09:10 geoand

Were are we with this one?

I personally think we should get it in

Nov 01 '22 16:11 geoand

Were are we with this one?

I personally think we should get it in

My +100 to get it in.

Nov 02 '22 06:11 Sgitario

My last comment was to make sure we clearly say in the doc that skipping host name verification should not be used in prod ('use it to your own risk')

Nov 02 '22 06:11 cescoffier

We should 100% add that

Nov 02 '22 06:11 geoand

PR updated with adding this warning to the docs.

Nov 02 '22 07:11 Sgitario

:waning_crescent_moon: This workflow status is outdated as a new workflow run has been triggered.

Failing Jobs - Building d1280c2d18729f488afc20a63eb036b26abfbe71

Status	Name	Failures	Logs	Raw logs
:heavy_check_mark:	JVM Tests - JDK 11
:heavy_check_mark:	JVM Tests - JDK 17
✖	JVM Tests - JDK 17 MacOS M1	:warning: Check →	Logs	Raw logs
:heavy_check_mark:	JVM Tests - JDK 18

Nov 02 '22 08:11 quarkus-bot[bot]

Any updates on this pull request? I would like to proceed to merge it if everybody agrees.

Nov 15 '22 07:11 Sgitario

Hi, it would be awsome if you merged this PR 😄

Nov 29 '22 13:11 fasuke85

@Sgitario This issue is a blocker for us because we have to communicate with an HTTPS service over an ssh tunnel. Please merge :)

Nov 30 '22 15:11 oven

@gsmet any last words or should I dismiss the old review?

Nov 30 '22 15:11 geoand

Since the last CI run of this was a while ago, I rebased onto main.

Dec 05 '22 07:12 geoand

Failing Jobs - Building 941d3a6f7a1857d01a1a2b0eada67e3628895c0c

Status	Name	Step	Failures	Logs	Raw logs
:heavy_check_mark:	JVM Tests - JDK 11
:heavy_check_mark:	JVM Tests - JDK 17
✖	JVM Tests - JDK 17 MacOS M1	`Set up runner`	:warning: Check →	Logs	Raw logs
:heavy_check_mark:	JVM Tests - JDK 18

Dec 05 '22 09:12 quarkus-bot[bot]

quarkus quarkus copied to clipboard

Rest Client: Add property to skip hostname verification

Failing Jobs - Building d1280c2d18729f488afc20a63eb036b26abfbe71

Failing Jobs - Building 941d3a6f7a1857d01a1a2b0eada67e3628895c0c

quarkus
quarkus copied to clipboard