diff --git a/documentation/src/main/java/amqp/customization/ClientProducers.java b/documentation/src/main/java/amqp/customization/ClientProducers.java
index bdf1871d13..bee572653e 100644
--- a/documentation/src/main/java/amqp/customization/ClientProducers.java
+++ b/documentation/src/main/java/amqp/customization/ClientProducers.java
@@ -24,7 +24,7 @@ public AmqpClientOptions getNamedOptions() {
.setPemKeyCertOptions(keycert)
.setPemTrustOptions(trust)
.addEnabledSaslMechanism("EXTERNAL")
- .setHostnameVerificationAlgorithm("")
+ .setHostnameVerificationAlgorithm("") // Disable hostname verification
.setConnectTimeout(30000)
.setReconnectInterval(5000)
.setContainerId("my-container");
diff --git a/documentation/src/main/java/mqtt/customization/ClientProducers.java b/documentation/src/main/java/mqtt/customization/ClientProducers.java
index 9c56056f68..972537c2de 100644
--- a/documentation/src/main/java/mqtt/customization/ClientProducers.java
+++ b/documentation/src/main/java/mqtt/customization/ClientProducers.java
@@ -23,7 +23,7 @@ public MqttClientSessionOptions getOptions() {
.setSsl(true)
.setPemKeyCertOptions(keycert)
.setPemTrustOptions(trust)
- .setHostnameVerificationAlgorithm("")
+ .setHostnameVerificationAlgorithm("HTTPS")
.setConnectTimeout(30000)
.setReconnectInterval(5000);
}
diff --git a/documentation/src/main/java/rabbitmq/customization/RabbitMQProducers.java b/documentation/src/main/java/rabbitmq/customization/RabbitMQProducers.java
index 1df8b04ba1..43d750fc02 100644
--- a/documentation/src/main/java/rabbitmq/customization/RabbitMQProducers.java
+++ b/documentation/src/main/java/rabbitmq/customization/RabbitMQProducers.java
@@ -25,7 +25,7 @@ public RabbitMQOptions getNamedOptions() {
.setSsl(true)
.setPemKeyCertOptions(keycert)
.setPemTrustOptions(trust)
- .setHostnameVerificationAlgorithm("")
+ .setHostnameVerificationAlgorithm("HTTPS")
.setConnectTimeout(30000)
.setReconnectInterval(5000);
}
diff --git a/pom.xml b/pom.xml
index 9e791eecc5..4ad3f59113 100644
--- a/pom.xml
+++ b/pom.xml
@@ -61,7 +61,7 @@
11
11
- 4.5.3
+ 4.5.4
2.2.21
1.1.0
5.1.2.Final
diff --git a/smallrye-reactive-messaging-mqtt/src/main/java/io/smallrye/reactive/messaging/mqtt/MqttConnector.java b/smallrye-reactive-messaging-mqtt/src/main/java/io/smallrye/reactive/messaging/mqtt/MqttConnector.java
index f01771a320..f00e0b5cfe 100644
--- a/smallrye-reactive-messaging-mqtt/src/main/java/io/smallrye/reactive/messaging/mqtt/MqttConnector.java
+++ b/smallrye-reactive-messaging-mqtt/src/main/java/io/smallrye/reactive/messaging/mqtt/MqttConnector.java
@@ -34,6 +34,7 @@
@ConnectorAttribute(name = "auto-keep-alive", type = "boolean", direction = INCOMING_AND_OUTGOING, description = "Set if the MQTT client must handle `PINGREQ` automatically", defaultValue = "true")
@ConnectorAttribute(name = "health-enabled", type = "boolean", direction = INCOMING_AND_OUTGOING, description = "Whether health reporting is enabled (default) or disabled", defaultValue = "true")
@ConnectorAttribute(name = "ssl", type = "boolean", direction = INCOMING_AND_OUTGOING, description = "Set whether SSL/TLS is enabled", defaultValue = "false")
+@ConnectorAttribute(name = "ssl.hostname-verification-algorithm", type = "string", direction = INCOMING_AND_OUTGOING, description = "Set the hostname verifier algorithm for the TLS connection.Accepted values are `HTTPS`, `LDAPS`, and `NONE` (defaults). `NONE` disables the hostname verification.", defaultValue = "NONE")
@ConnectorAttribute(name = "ssl.keystore.type", type = "string", direction = INCOMING_AND_OUTGOING, description = "Set the keystore type [`pkcs12`, `jks`, `pem`]", defaultValue = "pkcs12")
@ConnectorAttribute(name = "ssl.keystore.location", type = "string", direction = INCOMING_AND_OUTGOING, description = "Set the keystore location. In case of `pem` type this is the server ca cert path")
@ConnectorAttribute(name = "ssl.keystore.password", type = "string", direction = INCOMING_AND_OUTGOING, description = "Set the keystore password. In case of `pem` type this is the key path")
diff --git a/smallrye-reactive-messaging-mqtt/src/main/java/io/smallrye/reactive/messaging/mqtt/internal/MqttHelpers.java b/smallrye-reactive-messaging-mqtt/src/main/java/io/smallrye/reactive/messaging/mqtt/internal/MqttHelpers.java
index 4f334f4e54..2b9b01d617 100644
--- a/smallrye-reactive-messaging-mqtt/src/main/java/io/smallrye/reactive/messaging/mqtt/internal/MqttHelpers.java
+++ b/smallrye-reactive-messaging-mqtt/src/main/java/io/smallrye/reactive/messaging/mqtt/internal/MqttHelpers.java
@@ -43,6 +43,14 @@ private static MqttClientSessionOptions createMqttClientOptions(MqttConnectorCom
options.setPort(config.getPort().orElseGet(() -> config.getSsl() ? 8883 : 1883));
options.setReconnectDelay(getReconnectDelayOptions(config));
options.setSsl(config.getSsl());
+
+ String algorithm = config.getSslHostnameVerificationAlgorithm();
+ if ("NONE".equalsIgnoreCase(algorithm)) {
+ options.setHostnameVerificationAlgorithm("");
+ } else {
+ options.setHostnameVerificationAlgorithm(algorithm);
+ }
+
options.setKeyCertOptions(getKeyCertOptions(config));
options.setServerName(config.getServerName());
options.setTrustOptions(getTrustOptions(config));
@@ -53,6 +61,7 @@ private static MqttClientSessionOptions createMqttClientOptions(MqttConnectorCom
options.setWillRetain(config.getWillRetain());
options.setUnsubscribeOnDisconnect(config.getUnsubscribeOnDisconnection());
options.setMetricsName("mqtt|" + config.getChannel());
+
return options;
}
diff --git a/smallrye-reactive-messaging-mqtt/src/main/java/io/smallrye/reactive/messaging/mqtt/session/MqttClientSessionOptions.java b/smallrye-reactive-messaging-mqtt/src/main/java/io/smallrye/reactive/messaging/mqtt/session/MqttClientSessionOptions.java
index b975fc5fe9..4905652a0f 100644
--- a/smallrye-reactive-messaging-mqtt/src/main/java/io/smallrye/reactive/messaging/mqtt/session/MqttClientSessionOptions.java
+++ b/smallrye-reactive-messaging-mqtt/src/main/java/io/smallrye/reactive/messaging/mqtt/session/MqttClientSessionOptions.java
@@ -428,7 +428,11 @@ public MqttClientSessionOptions setReconnectInterval(long interval) {
@Override
public MqttClientSessionOptions setHostnameVerificationAlgorithm(String hostnameVerificationAlgorithm) {
- super.setHostnameVerificationAlgorithm(hostnameVerificationAlgorithm);
+ if ("NONE".equalsIgnoreCase(hostnameVerificationAlgorithm)) {
+ super.setHostnameVerificationAlgorithm("");
+ } else {
+ super.setHostnameVerificationAlgorithm(hostnameVerificationAlgorithm);
+ }
return this;
}
diff --git a/smallrye-reactive-messaging-rabbitmq/src/main/java/io/smallrye/reactive/messaging/rabbitmq/RabbitMQConnector.java b/smallrye-reactive-messaging-rabbitmq/src/main/java/io/smallrye/reactive/messaging/rabbitmq/RabbitMQConnector.java
index cd284101c1..cccdb95a22 100644
--- a/smallrye-reactive-messaging-rabbitmq/src/main/java/io/smallrye/reactive/messaging/rabbitmq/RabbitMQConnector.java
+++ b/smallrye-reactive-messaging-rabbitmq/src/main/java/io/smallrye/reactive/messaging/rabbitmq/RabbitMQConnector.java
@@ -50,6 +50,7 @@
@ConnectorAttribute(name = "port", direction = INCOMING_AND_OUTGOING, description = "The broker port", type = "int", alias = "rabbitmq-port", defaultValue = "5672")
@ConnectorAttribute(name = "addresses", direction = INCOMING_AND_OUTGOING, description = "The multiple addresses for cluster mode, when given overrides the host and port", type = "string", alias = "rabbitmq-addresses")
@ConnectorAttribute(name = "ssl", direction = INCOMING_AND_OUTGOING, description = "Whether or not the connection should use SSL", type = "boolean", alias = "rabbitmq-ssl", defaultValue = "false")
+@ConnectorAttribute(name = "ssl.hostname-verification-algorithm", type = "string", direction = INCOMING_AND_OUTGOING, description = "Set the hostname verifier algorithm for the TLS connection. Accepted values are `HTTPS`, and `NONE` (defaults). `NONE` disables the hostname verification.", defaultValue = "NONE")
@ConnectorAttribute(name = "trust-all", direction = INCOMING_AND_OUTGOING, description = "Whether to skip trust certificate verification", type = "boolean", alias = "rabbitmq-trust-all", defaultValue = "false")
@ConnectorAttribute(name = "trust-store-path", direction = INCOMING_AND_OUTGOING, description = "The path to a JKS trust store", type = "string", alias = "rabbitmq-trust-store-path")
@ConnectorAttribute(name = "trust-store-password", direction = INCOMING_AND_OUTGOING, description = "The password of the JKS trust store", type = "string", alias = "rabbitmq-trust-store-password")
diff --git a/smallrye-reactive-messaging-rabbitmq/src/main/java/io/smallrye/reactive/messaging/rabbitmq/internals/RabbitMQClientHelper.java b/smallrye-reactive-messaging-rabbitmq/src/main/java/io/smallrye/reactive/messaging/rabbitmq/internals/RabbitMQClientHelper.java
index 8a58f9072f..2a95977539 100644
--- a/smallrye-reactive-messaging-rabbitmq/src/main/java/io/smallrye/reactive/messaging/rabbitmq/internals/RabbitMQClientHelper.java
+++ b/smallrye-reactive-messaging-rabbitmq/src/main/java/io/smallrye/reactive/messaging/rabbitmq/internals/RabbitMQClientHelper.java
@@ -107,6 +107,12 @@ static RabbitMQOptions getClientOptions(Vertx vertx, RabbitMQConnectorCommonConf
.setUseNio(config.getUseNio())
.setVirtualHost(config.getVirtualHost());
+ if ("NONE".equals(config.getSslHostnameVerificationAlgorithm())) {
+ options.setHostnameVerificationAlgorithm("");
+ } else {
+ options.setHostnameVerificationAlgorithm(config.getSslHostnameVerificationAlgorithm());
+ }
+
// JKS TrustStore
Optional trustStorePath = config.getTrustStorePath();
if (trustStorePath.isPresent()) {