Correct behaviour for +s and +ssc. +s enable hostname verfication whereas +ssc disables it. (#720)

gjmwoods · web-flow · commit ac6e6c6777b5 · 2020-06-02T09:41:29.000+01:00
diff --git a/driver/src/main/java/org/neo4j/driver/internal/SecuritySettings.java b/driver/src/main/java/org/neo4j/driver/internal/SecuritySettings.java
@@ -92,11 +92,11 @@ private SecurityPlan createSecurityPlanFromScheme( String scheme ) throws Genera
     {
         if ( isHighTrustScheme(scheme) )
         {
-            return SecurityPlanImpl.forSystemCASignedCertificates( trustStrategy.isHostnameVerificationEnabled() );
+            return SecurityPlanImpl.forSystemCASignedCertificates( true );
         }
         else
         {
-            return SecurityPlanImpl.forAllCertificates( trustStrategy.isHostnameVerificationEnabled() );
+            return SecurityPlanImpl.forAllCertificates( false );
         }
     }
 
diff --git a/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java b/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java
@@ -75,9 +75,22 @@ void testSystemCertCompatibleConfiguration( String scheme ) throws Exception
         SSLContext defaultContext = SSLContext.getDefault();
 
         assertTrue( securityPlan.requiresEncryption() );
+        assertTrue( securityPlan.requiresHostnameVerification() );
         assertEquals( defaultContext, securityPlan.sslContext() );
     }
 
+    @ParameterizedTest
+    @MethodSource( "selfSignedSchemes" )
+    void testSelfSignedCertConfigDisablesHostnameVerification( String scheme ) throws Exception
+    {
+        SecuritySettings securitySettings = new SecuritySettings.SecuritySettingsBuilder().build();
+
+        SecurityPlan securityPlan = securitySettings.createSecurityPlan( scheme );
+
+        assertTrue( securityPlan.requiresEncryption() );
+        assertFalse( securityPlan.requiresHostnameVerification() );
+    }
+
     @ParameterizedTest
     @MethodSource( "allSchemes" )
     void testThrowsOnUserCustomizedEncryption( String scheme )
@@ -156,7 +169,7 @@ void testConfiguredEncryption()
     }
 
     @Test
-    void testConfiguredAllCertificates() throws NoSuchAlgorithmException
+    void testConfiguredAllCertificates()
     {
         SecuritySettings securitySettings = new SecuritySettings.SecuritySettingsBuilder()
                 .withEncryption()

Original file line number	Diff line number	Diff line change
`@@ -92,11 +92,11 @@ private SecurityPlan createSecurityPlanFromScheme( String scheme ) throws Genera`
`92`	`92`	`{`
`93`	`93`	`if ( isHighTrustScheme(scheme) )`
`94`	`94`	`{`
`95`		`- return SecurityPlanImpl.forSystemCASignedCertificates( trustStrategy.isHostnameVerificationEnabled() );`
	`95`	`+ return SecurityPlanImpl.forSystemCASignedCertificates( true );`
`96`	`96`	`}`
`97`	`97`	`else`
`98`	`98`	`{`
`99`		`- return SecurityPlanImpl.forAllCertificates( trustStrategy.isHostnameVerificationEnabled() );`
	`99`	`+ return SecurityPlanImpl.forAllCertificates( false );`
`100`	`100`	`}`
`101`	`101`	`}`
`102`	`102`