diff --git a/bom/application/pom.xml b/bom/application/pom.xml index c4272b907e2afd..d09f497ce2cf33 100644 --- a/bom/application/pom.xml +++ b/bom/application/pom.xml @@ -139,7 +139,7 @@ 5.3.0 5.10.0 1.5.0 - 14.0.17.Final + 14.0.19.Final 4.6.5.Final 3.1.5 4.1.100.Final diff --git a/extensions/infinispan-client/deployment/src/test/java/org/quarkus/infinispan/client/deployment/InfinispanConfigurationSetupTest.java b/extensions/infinispan-client/deployment/src/test/java/org/quarkus/infinispan/client/deployment/InfinispanConfigurationSetupTest.java index 0690a1fbc23c35..53f90e5ad105e7 100644 --- a/extensions/infinispan-client/deployment/src/test/java/org/quarkus/infinispan/client/deployment/InfinispanConfigurationSetupTest.java +++ b/extensions/infinispan-client/deployment/src/test/java/org/quarkus/infinispan/client/deployment/InfinispanConfigurationSetupTest.java @@ -43,6 +43,8 @@ public void infinispanConnectionConfiguration() { assertThat(configuration.security().ssl().provider()).isEqualTo("SSL_prov"); assertThat(configuration.security().ssl().protocol()).isEqualTo("SSL_protocol"); assertThat(configuration.security().ssl().ciphers()).containsExactlyInAnyOrder("SSL_cipher1", "SSL_cipher2"); + assertThat(configuration.security().ssl().hostnameValidation()).isTrue(); + assertThat(configuration.security().ssl().sniHostName()).isEqualTo("sniHostName"); assertThat(configuration.clusters()).extracting("clusterName", "clientIntelligence") .containsExactly(tuple("bsite", ClientIntelligence.BASIC)); assertThat(configuration.clusters()).hasSize(1); diff --git a/extensions/infinispan-client/deployment/src/test/resources/cache-config-application.properties b/extensions/infinispan-client/deployment/src/test/resources/cache-config-application.properties index 54c95974449c33..2c2add6b4dceac 100644 --- a/extensions/infinispan-client/deployment/src/test/resources/cache-config-application.properties +++ b/extensions/infinispan-client/deployment/src/test/resources/cache-config-application.properties @@ -16,6 +16,9 @@ quarkus.infinispan-client.trust-store-type=JCEKS quarkus.infinispan-client.ssl-provider=SSL_prov quarkus.infinispan-client.ssl-protocol=SSL_protocol quarkus.infinispan-client.ssl-ciphers=SSL_cipher1,SSL_cipher2 +quarkus.infinispan-client.ssl-host-name-validation=true +quarkus.infinispan-client.sni-host-name=sniHostName + quarkus.infinispan-client.backup-cluster.bsite.hosts=bsite1:32111 quarkus.infinispan-client.backup-cluster.bsite.client-intelligence=BASIC diff --git a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java index 1b24793b36ccf0..f059793c929705 100644 --- a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java +++ b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java @@ -224,6 +224,14 @@ private ConfigurationBuilder builderFromProperties(String infinispanClientName, infinispanClientRuntimeConfig.sslCiphers.get().stream().collect(Collectors.joining(" "))); } + if (infinispanClientRuntimeConfig.sslHostNameValidation.isPresent()) { + properties.put(ConfigurationProperties.SSL_HOSTNAME_VALIDATION, infinispanClientRuntimeConfig.sslHostNameValidation.get()); + } + + if (infinispanClientRuntimeConfig.sniHostName.isPresent()) { + properties.put(ConfigurationProperties.SNI_HOST_NAME, infinispanClientRuntimeConfig.sniHostName.get()); + } + builder.withProperties(properties); if (infinispanClientRuntimeConfig.tracingPropagationEnabled.isPresent()) { diff --git a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java index 971d1a54dd26c1..1d341a35a48940 100644 --- a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java +++ b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java @@ -166,6 +166,19 @@ public class InfinispanClientRuntimeConfig { @ConfigItem Optional> sslCiphers; + /** + * Do SSL hostname validation. + * Defaults to true. + */ + @ConfigItem + Optional sslHostNameValidation; + + /** + * SNI host name. Mandatory when SSL is enabled and host name validation is true. + */ + @ConfigItem + Optional sniHostName; + /** * Whether a tracing propagation is enabled in case the Opentelemetry extension is present. * By default the propagation of the context is propagated from the client to the Infinispan Server.