diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpAppender.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpAppender.java
index 56d1ffb5e37..31e82e65eac 100644
--- a/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpAppender.java
+++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpAppender.java
@@ -65,7 +65,7 @@ public static class Builder> extends AbstractAppender.Build
 private SslConfiguration sslConfiguration;
 @PluginBuilderAttribute
- private boolean verifyHostname = true;
+ private Boolean verifyHostname;
 @Override
 public HttpAppender build() {
@@ -81,6 +81,15 @@ public HttpAppender build() {
 return null; // Return null if layout is missing
 }
+ if (verifyHostname != null) {
+ LOGGER.warn(
+ "`verifyHostname` attribute of `HttpAppender` is deprecated and ignored. Use a `TlsConfiguration` element to configure this attribute.");
+ } else if (sslConfiguration != null) {
+ verifyHostname = sslConfiguration.isVerifyHostName();
+ } else {
+ verifyHostname = true;
+ }
+
 final HttpManager httpManager = new HttpURLConnectionManager(
 getConfiguration(),
 getConfiguration().getLoggerContext(),
@@ -123,7 +132,7 @@ public SslConfiguration getSslConfiguration() {
 }
 public boolean isVerifyHostname() {
- return verifyHostname;
+ return Boolean.TRUE.equals(this.verifyHostname);
 }
 public B setUrl(final URL url) {
@@ -156,6 +165,7 @@ public B setSslConfiguration(final SslConfiguration sslConfiguration) {
 return asBuilder();
 }
+ @Deprecated
 public B setVerifyHostname(final boolean verifyHostname) {
 this.verifyHostname = verifyHostname;
 return asBuilder();
diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/SslConfiguration.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/SslConfiguration.java
index cb24113bd92..21861c09955 100644
--- a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/SslConfiguration.java
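Review bot: In the `verifyHostname != null` branch of `build()` the warning says the attribute is "deprecated and ignored", but the branch leaves the field at whatever the configuration or setter supplied. The `HttpURLConnectionManager` constructor call continues outside the hunk, so this is inferred: if the field is still passed to it, an explicit `verifyHostname="false"` keeps hostname verification off while the status log tells the operator the setting had no effect. To make the message true, keep the warning and then always derive the value with `verifyHostname = sslConfiguration == null || sslConfiguration.isVerifyHostName();`. If the old attribute is meant to keep working during the deprecation period, reword the message instead, since it is what people will read when auditing TLS settings.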
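Review bot: `isVerifyHostname()` now reports `false` while the field is unset, because `Boolean.TRUE.equals(null)` is false. Before this change the field defaulted to `true`, and `build()` still resolves an unset value to `true` when no `SslConfiguration` is present, so a caller that reads the builder getter before `build()` runs sees verification reported as off. Treating only an explicit `false` as off keeps the getter aligned with the secure default: `return !Boolean.FALSE.equals(this.verifyHostname);`.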
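Review bot: `@Deprecated` on `setVerifyHostname` comes without Javadoc, so programmatic users get a deprecation warning with no pointer to the replacement. Add a `@deprecated` tag that names it, for example `/** @deprecated Configure hostname verification on the {@link SslConfiguration} passed to {@link #setSslConfiguration} instead. */`. The setter's closing brace is outside the hunk.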
+++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/SslConfiguration.java
@@ -40,7 +40,7 @@
 */
 @NullMarked
 @Plugin(name = "Ssl", category = Core.CATEGORY_NAME, printObject = true)
-public class SslConfiguration {
+public class SslConfiguration implements TlsConfiguration {
 private static final StatusLogger LOGGER = StatusLogger.getLogger();
@@ -178,7 +178,7 @@ public static SslConfiguration createSSLConfiguration(
 @PluginElement("KeyStore") final KeyStoreConfiguration keyStoreConfig,
 @PluginElement("TrustStore") final TrustStoreConfiguration trustStoreConfig) {
 // @formatter:on
- return new SslConfiguration(protocol, false, keyStoreConfig, trustStoreConfig);
+ return new SslConfiguration(protocol, true, keyStoreConfig, trustStoreConfig);
 }
 /**
@@ -234,22 +234,27 @@ public boolean equals(final Object obj) {
 return true;
 }
+ @Override
 public String getProtocol() {
 return protocol;
 }
+ @Override
 public boolean isVerifyHostName() {
 return verifyHostName;
 }
+ @Override
 public KeyStoreConfiguration getKeyStoreConfig() {
 return keyStoreConfig;
 }
+ @Override
 public TrustStoreConfiguration getTrustStoreConfig() {
 return trustStoreConfig;
 }
+ @Override
 public SSLContext getSslContext() {
 return sslContext;
 }
diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/SslConfigurationFactory.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/SslConfigurationFactory.java
index 2da16b886d0..deb11513d97 100644
--- a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/SslConfigurationFactory.java
+++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/SslConfigurationFactory.java
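Review bot: The bare `true` in the three-argument `createSSLConfiguration` changes what every existing caller of this factory gets, and nothing at the call site records that the new default is deliberate. Connections to hosts whose certificate does not match the requested name will now be rejected where they were previously accepted, which is the safer behaviour but will surprise anyone upgrading. A one-line comment makes the intent and the opt-out visible, for example `// Hostname verification is on by default; use the overload that takes verifyHostName to change it.`. The same flip is made in `SslConfigurationFactory.createSslConfiguration` (`props.getBooleanProperty(verifyHostName, true)`) and deserves the same comment. The method's Javadoc is outside this hunk and should state the default if it does not already.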
@@ -86,7 +86,7 @@ static SslConfiguration createSslConfiguration(final PropertiesUtil props) {
 }
 }
 if (trustStoreConfiguration != null || keyStoreConfiguration != null) {
- final boolean isVerifyHostName = props.getBooleanProperty(verifyHostName, false);
+ final boolean isVerifyHostName = props.getBooleanProperty(verifyHostName, true);
 return SslConfiguration.createSSLConfiguration(
 null, keyStoreConfiguration, trustStoreConfiguration, isVerifyHostName);
 }
diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/TlsConfiguration.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/TlsConfiguration.java
new file mode 100644
index 00000000000..0d013282c49
--- /dev/null
+++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/TlsConfiguration.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.logging.log4j.core.net.ssl;
+
+import javax.net.ssl.SSLContext;
+
+public interface TlsConfiguration {
+
+ String getProtocol();
+
+ boolean isVerifyHostName();
+
+ KeyStoreConfiguration getKeyStoreConfig();
+
+ TrustStoreConfiguration getTrustStoreConfig();
+
+ SSLContext getSslContext();
+}
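Review bot: The new public `TlsConfiguration` interface has no Javadoc and no nullness contract. Its visible implementation `SslConfiguration` is `@NullMarked`, yet `SslConfigurationFactory` passes `null` as the protocol and builds a configuration when only one of the key store or trust store is present, so `getProtocol()`, `getKeyStoreConfig()` and `getTrustStoreConfig()` appear to be nullable; confirm against the constructor, which is not shown here. Add a type-level Javadoc saying what the interface configures, and mark or document which getters may return null. On `isVerifyHostName()`, state that `true` means the peer's certificate must match the requested host name, since appenders now take their verification setting from this method.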