
I have to make a request to a backend with a TLS certificate and private key, and in my troubleshooting I got an error when using the same hostname in the Server Name Indication. See:

I got ERROR:

openssl s_client -connect endpoint.com:443 -servername endpoint.com

I got SUCCESS:

openssl s_client -connect endpoint.com:443 -servername another_endpoint_name.com

But I can't find a way to change the server name indication in the TLS Handshake in the Apache Lib. Is it even possible?

Related question: How to set SNI (Server Name Indication) in TLS Handshake using Apache HttpComponents Java

Muzzamil
Bart

1 Answer


One can create a custom request route by using HttpHost with a resolved InetAddress.

Try out this code and let me know if that does the trick.

CloseableHttpClient httpClient = HttpClients.createSystem();
HttpHost host = new HttpHost(InetAddress.getByName("endpoint.com"), "another_endpoint_name.com", -1, "https");
try (CloseableHttpResponse response = httpClient.execute(host, new HttpGet("https://another_endpoint_name.com/stuff"))) {
    System.out.println(response.getStatusLine());
    EntityUtils.consume(response.getEntity());
}
ok2c
  • Unfortunately this code did not work because the IP Address is resolving the name "another_endpoint_name.com" and needs to resolve "endpoint.com". However, I could see that the Server Name Indication is set by the second parameter in the HttpHost constructor "hostname". I don't know why the IP Address is not set by InetAddress.getByName("endpoint.com") in the first parameter. Is this the correct behavior? https://hc.apache.org/httpcomponents-core-ga/httpcore/apidocs/org/apache/http/HttpHost.html – Bart Jan 21 '20 at 19:29
  • I have a suspicion that there is a problem with your DNS configuration. – ok2c Jan 22 '20 at 14:06
  • I think you're correct. I'll wait for the Operations Team responsible for the host I need to connect to, to say what really needs to be configured. Thanks for your help! – Bart Jan 22 '20 at 14:20
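
An added example, not part of the original answer or of the Apache HttpComponents project: in HttpClient 4.x, one way to send an SNI name that differs from the dialed host is to override `prepareSocket` in `SSLConnectionSocketFactory`, while keeping certificate hostname verification on against the name that was sent. The class `SniOverrideExample` and the helper `sniOverride` are hypothetical names, and the system-default `SSLContext` is an assumption (a client certificate and private key would be loaded into that context instead).

```java
import java.io.IOException;
import java.util.Collections;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

public class SniOverrideExample {

    /** Hypothetical helper: sends sniName in the ClientHello whatever host is dialed. */
    static SSLConnectionSocketFactory sniOverride(final String sniName) {
        // Check the certificate against the name sent as SNI, not the dialed host,
        // so verification stays on instead of falling back to NoopHostnameVerifier.
        final HostnameVerifier base = new DefaultHostnameVerifier();
        HostnameVerifier verifier = (dialedHost, session) -> base.verify(sniName, session);

        // Assumption: system-default trust material; no client key loaded here.
        return new SSLConnectionSocketFactory(SSLContexts.createSystemDefault(), verifier) {
            @Override
            protected void prepareSocket(SSLSocket socket) throws IOException {
                // Runs before the handshake. SNIHostName throws
                // IllegalArgumentException if sniName is not a valid host name.
                SSLParameters params = socket.getSSLParameters();
                params.setServerNames(
                        Collections.<SNIServerName>singletonList(new SNIHostName(sniName)));
                socket.setSSLParameters(params);
            }
        };
    }

    public static void main(String[] args) throws IOException {
        // args[0]: URL to dial (DNS resolves this host); args[1]: name to send as SNI.
        try (CloseableHttpClient client = HttpClients.custom()
                .setSSLSocketFactory(sniOverride(args[1])).build();
             CloseableHttpResponse response = client.execute(new HttpGet(args[0]))) {
            System.out.println(response.getStatusLine());
            EntityUtils.consume(response.getEntity());
        }
    }
}
```

The HTTP `Host` header still carries the host from the URL; only the TLS server name and the name the certificate is checked against change.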