Turn off hostname verification for trustAllCertificates TrustStrategy (#1301)

injectives · web-flow · commit 8c54468172b1 · 2022-09-01T09:20:35.000+01:00
`Config.TrustStrategy.trustAllCertificates()` should return `TrustStrategy` with hostname verification turned off by default.

This update is part of behaviour unification among the official drivers.
diff --git a/driver/src/main/java/org/neo4j/driver/Config.java b/driver/src/main/java/org/neo4j/driver/Config.java
@@ -790,12 +790,14 @@ public static TrustStrategy trustSystemCertificates() {
 
         /**
          * Trust strategy for certificates that trust all certificates blindly. Suggested to only use this in tests.
+         * <p>
+         * This trust strategy comes with hostname verification turned off by default since driver version 5.0.
          *
          * @return an authentication config
          * @since 1.1
          */
         public static TrustStrategy trustAllCertificates() {
-            return new TrustStrategy(Strategy.TRUST_ALL_CERTIFICATES);
+            return new TrustStrategy(Strategy.TRUST_ALL_CERTIFICATES).withoutHostnameVerification();
         }
 
         /**
diff --git a/testkit-backend/src/main/java/neo4j/org/testkit/backend/messages/requests/StartTest.java b/testkit-backend/src/main/java/neo4j/org/testkit/backend/messages/requests/StartTest.java
@@ -62,13 +62,7 @@ public class StartTest implements TestkitRequest {
         COMMON_SKIP_PATTERN_TO_REASON.put(
                 "^.*\\.test_partial_summary_contains_updates$", "Does not contain updates because value is zero");
         COMMON_SKIP_PATTERN_TO_REASON.put("^.*\\.test_supports_multi_db$", "Database is None");
-        String skipMessage =
-                "This test expects hostname verification to be turned off when all certificates are trusted";
-        COMMON_SKIP_PATTERN_TO_REASON.put(
-                "^.*\\.TestTrustAllCertsConfig\\.test_trusted_ca_wrong_hostname$", skipMessage);
-        COMMON_SKIP_PATTERN_TO_REASON.put(
-                "^.*\\.TestTrustAllCertsConfig\\.test_untrusted_ca_wrong_hostname$", skipMessage);
-        skipMessage = "Driver handles connection acquisition timeout differently";
+        var skipMessage = "Driver handles connection acquisition timeout differently";
         COMMON_SKIP_PATTERN_TO_REASON.put(
                 "^.*\\.TestConnectionAcquisitionTimeoutMs\\.test_should_encompass_the_handshake_time.*$", skipMessage);
         COMMON_SKIP_PATTERN_TO_REASON.put(

Original file line number	Diff line number	Diff line change
`@@ -790,12 +790,14 @@ public static TrustStrategy trustSystemCertificates() {`
`790`	`790`
`791`	`791`	`/**`
`792`	`792`	`* Trust strategy for certificates that trust all certificates blindly. Suggested to only use this in tests.`
	`793`	`+ * <p>`
	`794`	`+ * This trust strategy comes with hostname verification turned off by default since driver version 5.0.`
`793`	`795`	`*`
`794`	`796`	`* @return an authentication config`
`795`	`797`	`* @since 1.1`
`796`	`798`	`*/`
`797`	`799`	`public static TrustStrategy trustAllCertificates() {`
`798`		`- return new TrustStrategy(Strategy.TRUST_ALL_CERTIFICATES);`
	`800`	`+ return new TrustStrategy(Strategy.TRUST_ALL_CERTIFICATES).withoutHostnameVerification();`
`799`	`801`	`}`
`800`	`802`
`801`	`803`	`/**`