diff --git a/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConnectionFactory.java b/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConnectionFactory.java index eb5ae6c867c..8e3767c79eb 100644 --- a/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConnectionFactory.java +++ b/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConnectionFactory.java @@ -37,6 +37,7 @@ import io.netty.handler.codec.http.websocketx.WebSocketVersion; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContextBuilder; +import io.netty.handler.ssl.SslHandler; import org.apache.axiom.om.OMElement; import org.apache.axis2.AxisFault; import org.apache.axis2.description.Parameter; @@ -47,7 +48,9 @@ import org.wso2.carbon.utils.multitenancy.MultitenantConstants; import org.wso2.carbon.websocket.transport.utils.SSLUtil; +import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLException; +import javax.net.ssl.SSLParameters; import javax.xml.namespace.QName; import java.net.URI; import java.util.Map; @@ -259,8 +262,19 @@ public WebSocketClientHandler cacheNewConnection(final String tenantDomain, protected void initChannel(SocketChannel ch) { ChannelPipeline p = ch.pipeline(); if (sslCtx != null) { - p.addLast(sslCtx.newHandler(ch.alloc(), host, port)); - } + SslHandler sslHandler = sslCtx.newHandler(ch.alloc(), host, port); + Parameter wsEnableHostnameVerification = transportOut + .getParameter(WebsocketConstants.WEBSOCKET_HOSTNAME_VERIFICATION_CONFIG); + if (wsEnableHostnameVerification != null + && wsEnableHostnameVerification.getValue() != null + && !wsEnableHostnameVerification.getValue().toString().isEmpty() + && Boolean.parseBoolean(wsEnableHostnameVerification.getValue().toString())) { + SSLEngine sslEngine = sslHandler.engine(); + SSLParameters sslParams = sslEngine.getSSLParameters(); + sslParams.setEndpointIdentificationAlgorithm("HTTPS"); + sslEngine.setSSLParameters(sslParams); + } + p.addLast(sslHandler); } p.addLast(new HttpClientCodec(), new HttpObjectAggregator(8192), new WebSocketFrameAggregator(Integer.MAX_VALUE), handler); } diff --git a/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConstants.java b/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConstants.java index d25cc88f0db..619af202af6 100644 --- a/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConstants.java +++ b/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConstants.java @@ -62,6 +62,7 @@ public class WebsocketConstants { public static final String WEBSOCKET_CUSTOM_HEADER_PREFIX = "websocket.custom.header."; public static final String WEBSOCKET_CUSTOM_HEADER_CONFIG = "ws.custom.header"; + public static final String WEBSOCKET_HOSTNAME_VERIFICATION_CONFIG = "ws.client.enable.hostname.verification"; public static final String WEBSOCKET_SUBPROTOCOL = "websocket.subprotocol";