Petals BC SOAP

Add a parameter to disable the hostname verification against the CN of the SSL certificate

Details

  • Type: Improvement Request Improvement Request
  • Status: Resolved Resolved
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 5.2.0
  • Fix Version/s: 5.2.1
  • Component/s: Configuration, Provider mode
  • Security Level: Public
  • Description:
    Hide

    Moving Axis2 to its version 2.0.0 bumps Apache HTTP Client to its version 5. And this new version of Apache HTTP client introduce by default a verification of the server hostname (DNS) against the CN of the associated SSL certificate.

    So, please can you introduce a parameter to disable this verification at service provider level: https-hostname-verification-enabled

    Show
    Moving Axis2 to its version 2.0.0 bumps Apache HTTP Client to its version 5. And this new version of Apache HTTP client introduce by default a verification of the server hostname (DNS) against the CN of the associated SSL certificate. So, please can you introduce a parameter to disable this verification at service provider level: https-hostname-verification-enabled
  • Environment:
    -

Activity

Ascending order - Click to sort in descending order
Christophe DENEUX made changes - Tue, 3 Mar 2026 - 13:01:43 +0100
Field Original Value New Value
Status New [ 10000 ] Open [ 10002 ]
Priority Major [ 3 ]
Christophe DENEUX made changes - Tue, 3 Mar 2026 - 13:01:45 +0100
Status Open [ 10002 ] In Progress [ 10003 ]
Christophe DENEUX made changes - Tue, 3 Mar 2026 - 13:09:40 +0100
Description Moving Axis2 to its version 2.0.0 bumps Apache HTTP Client to its version 5. And this new version of Apache HTTP client introduce by default a verification of the server hostname (DNS) against the CN of the associated SSL certificate.

So, introduce a parameter to disable this verification at service provider level: {{https-enable-hostname-verifier}} 		Moving Axis2 to its version 2.0.0 bumps Apache HTTP Client to its version 5. And this new version of Apache HTTP client introduce by default a verification of the server hostname (DNS) against the CN of the associated SSL certificate.

So, introduce a parameter to disable this verification at service provider level: {{https-hostname-verification-enabled}}
Christophe DENEUX made changes - Tue, 3 Mar 2026 - 14:32:04 +0100
Status In Progress [ 10003 ] Resolved [ 10004 ]
Fix Version/s 5.2.1 [ 11253 ]
Resolution Fixed [ 1 ]
Christophe DENEUX made changes - Tue, 3 Mar 2026 - 14:32:19 +0100
Description Moving Axis2 to its version 2.0.0 bumps Apache HTTP Client to its version 5. And this new version of Apache HTTP client introduce by default a verification of the server hostname (DNS) against the CN of the associated SSL certificate.

So, introduce a parameter to disable this verification at service provider level: {{https-hostname-verification-enabled}} 		Moving Axis2 to its version 2.0.0 bumps Apache HTTP Client to its version 5. And this new version of Apache HTTP client introduce by default a verification of the server hostname (DNS) against the CN of the associated SSL certificate.

So, please can you introduce a parameter to disable this verification at service provider level: {{https-hostname-verification-enabled}}

People

Dates

  • Created:
    Tue, 3 Mar 2026 - 13:01:35 +0100
    Updated:
    Tue, 3 Mar 2026 - 14:32:19 +0100
    Resolved:
    Tue, 3 Mar 2026 - 14:32:04 +0100
Atlassian JIRA (v4.1.2#531) | Report a problem | Request a feature | Contact administrators
Powered by a free Atlassian JIRA open source license for Petals ESB. Try JIRA - bug tracking software for your team.