Bring back HostnameVerifier classes used in Pekko < v2 and Akka <= v2.8

Author: mkurz

ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/DefaultHostnameVerifier.scala

@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2015 - 2025 Lightbend Inc. <https://www.lightbend.com>
+ */
+
+package com.typesafe.sslconfig.ssl
+
+import java.security.cert.Certificate
+import java.security.Principal
+import javax.net.ssl.HostnameVerifier
+import javax.net.ssl.SSLSession
+
+import com.typesafe.sslconfig.util.LoggerFactory
+import sun.security.util.HostnameChecker
+
+@deprecated(
+  "DefaultHostnameVerifier has been deprecated and does nothing.  Please use the javax.net.debug system property.",
+  "0.4.0"
+)
+class DefaultHostnameVerifier(mkLogger: LoggerFactory) extends HostnameVerifier {
+  private val logger = mkLogger(getClass)
+
+  def hostnameChecker: HostnameChecker = {
+    logger.warn(
+      "DefaultHostnameVerifier has been deprecated and does nothing.  Please use the javax.net.debug system property."
+    )
+    HostnameChecker.getInstance(HostnameChecker.TYPE_TLS)
+  }
+
+  def matchKerberos(hostname: String, principal: Principal) = {
+    logger.warn(
+      "DefaultHostnameVerifier has been deprecated and does nothing.  Please use the javax.net.debug system property."
+    )
+    true
+  }
+
+  def isKerberos(principal: Principal): Boolean = {
+    logger.warn(
+      "DefaultHostnameVerifier has been deprecated and does nothing.  Please use the javax.net.debug system property."
+    )
+    true
+  }
+
+  def verify(hostname: String, session: SSLSession): Boolean = {
+    logger.warn(
+      "DefaultHostnameVerifier has been deprecated and does nothing.  Please use the javax.net.debug system property."
+    )
+    true
+  }
+
+  /** INTERNAL API */
+  def matchCertificates(hostname: String, peerCertificates: Array[Certificate]): Boolean = {
+    logger.warn(
+      "DefaultHostnameVerifier has been deprecated and does nothing.  Please use the javax.net.debug system property."
+    )
+    true
+  }
+}

ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/DisabledComplainingHostnameVerifier.scala

@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2015 - 2025 Lightbend Inc. <https://www.lightbend.com>
+ */
+
+package com.typesafe.sslconfig.ssl
+
+import javax.net.ssl.HostnameVerifier
+import javax.net.ssl.SSLSession
+
+import com.typesafe.sslconfig.util.LoggerFactory
+
+/**
+ * Add a disabled but complaining hostname verifier.
+ */
+class DisabledComplainingHostnameVerifier(mkLogger: LoggerFactory) extends HostnameVerifier {
+
+  private val logger = mkLogger(getClass)
+
+  private val defaultHostnameVerifier = new NoopHostnameVerifier
+
+  override def verify(hostname: String, sslSession: SSLSession): Boolean = {
+    val hostNameMatches = defaultHostnameVerifier.verify(hostname, sslSession)
+    if (!hostNameMatches) {
+      // TODO fix config paths
+      val msg =
+        s"Hostname verification failed on hostname $hostname, " +
+          "but the connection was accepted because ssl-config.loose.disableHostnameVerification is enabled. " +
+          "Please fix the X.509 certificate on the host to remove this warning."
+      logger.warn(msg)
+    }
+    true
+  }
+}

ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/NoopHostnameVerifier.scala

@@ -0,0 +1,12 @@
+/*
+ * Copyright (C) 2015 - 2025 Lightbend Inc. <https://www.lightbend.com>
+ */
+
+package com.typesafe.sslconfig.ssl
+
+import javax.net.ssl.HostnameVerifier
+import javax.net.ssl.SSLSession
+
+final class NoopHostnameVerifier extends HostnameVerifier {
+  def verify(hostname: String, sslSession: SSLSession): Boolean = true
+}