TrustManager does not verify certificate or hostname

[wsargent]

I reviewed the code and noticed you have a TrustManager that does not validate the remote certificate -- let me know if you'd like me to submit a PR to configure it.

[sclasen]

Hey Will, I am assuming you are referring to the SSL object here

https://github.com/sclasen/akka-zk-cluster-seed/blob/master/src/main/scala/akka/cluster/seed/ExhibitorClient.scala#L80

That only is used if the validateCerts param is false in the exhibitor client.

https://github.com/sclasen/akka-zk-cluster-seed/blob/master/src/main/scala/akka/cluster/seed/ExhibitorClient.scala#L60-L62

So afaik, sprays default SSL stuff kicks in if validateCerts is true, and the SSL object is used if not.

If you saw this and this approach is broken, please PR :+1:

[wsargent]

Spray's default SSLEngine support doesn't enable hostname verification -- see https://github.com/spray/spray/blob/master/spray-io/src/main/scala/spray/io/SslTlsSupport.scala and http://tersesystems.com/2014/03/23/fixing-hostname-verification/

[sclasen]

Aha, great then PR please!

On Sun, Sep 28, 2014 at 5:50 PM, Will Sargent [email protected] wrote:

Spray's default SSLEngine support doesn't enable hostname verification -- see https://github.com/spray/spray/blob/master/spray-io/src/main/scala/spray/io/SslTlsSupport.scala and http://tersesystems.com/2014/03/23/fixing-hostname-verification/

— Reply to this email directly or view it on GitHub https://github.com/sclasen/akka-zk-cluster-seed/issues/2#issuecomment-57106849 .

[lustefaniak]

After release with akka-http it will work correctly using https://github.com/typesafehub/ssl-config/blob/master/ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/DefaultHostnameVerifier.scala