docker-java icon indicating copy to clipboard operation
docker-java copied to clipboard
verified publisher icon docker-java

DockerHttpClient (both zero-dep and apache) always use default hostname verifier

Open idontusenumbers opened this issue 1 year ago • 3 comments

Situation:

There is currently no way to use the docker-java library to connect to docker over TCP/HTTPS without using the default hostname verifier.

ApacheDockerHttpClient.Builder.build() eventually calls new SSLConnectionSocketFactory() leading to a default HttpsSupport.getDefaultHostnameVerifier() which requires Subject Alternative Names match the host/IP being used to connect.

Although possibly what many or most people want, this precludes certain use cases.

Target: ApacheDockerHttpClient construction is flexible enough to support a custom hostname verifier.

Proposal:

Add additional builder methods to ApacheDockerHttpClient.Builder to accept a custom hostname verifier.

idontusenumbers avatar Apr 04 '25 21:04 idontusenumbers

After looking at the code, stuffing a hostname verifier into the SSLConfig seems like a better path forward.

idontusenumbers avatar Apr 04 '25 22:04 idontusenumbers

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jul 19 '25 01:07 stale[bot]

PR is still pending

idontusenumbers avatar Jul 19 '25 01:07 idontusenumbers