-rw-r--r--policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/internal/JerseyClient.java8
1 files changed, 7 insertions, 1 deletions
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/internal/JerseyClient.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/internal/JerseyClient.java
index c6a4fa41..ccbed5d9 100644
--- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/internal/JerseyClient.java
+++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/internal/JerseyClient.java
@@ -131,8 +131,14 @@ public class JerseyClient implements HttpClient {
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
if (this.selfSignedCerts) {
sslContext.init(null, NetworkUtil.getAlwaysTrustingManager(), new SecureRandom());
+
+ // This falls under self signed certs which is used for non-production testing environments where
+ // the hostname in the cert is unlikely to be crafted properly. We always return true for the
+ // hostname verifier. This causes a sonar vuln but we ignore it as it could cause problems in some
+ // testing environments.
clientBuilder =
- ClientBuilder.newBuilder().sslContext(sslContext).hostnameVerifier((host, session) -> true);
+ ClientBuilder.newBuilder().sslContext(sslContext).hostnameVerifier(
+ (host, session) -> true); //NOSONAR
} else {
sslContext.init(null, null, null);
clientBuilder = ClientBuilder.newBuilder().sslContext(sslContext);
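Review bot: The comment added above the `hostnameVerifier` call says this branch is only for non-production testing, but nothing visible in the hunk enforces or signals that; with `selfSignedCerts` set, the always-trusting manager plus the always-true verifier leave the server unauthenticated, so the connection is open to interception. I would say so in the comment itself, e.g. `// SECURITY: chain validation and hostname verification are both disabled here; the peer is unauthenticated. Do not enable selfSignedCerts in production.`, and log a warning whenever this branch is taken (assuming the class has a logger, which is not visible here) so that a misconfigured deployment shows up in the logs. The bare `//NOSONAR` also silences every rule on that line, so a suppression scoped to the hostname-verification rule would be narrower if the project's Sonar setup supports one. The enclosing method starts and ends outside the hunk.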