From df043977de146e159eeea102bf935ffdbf121bfa Mon Sep 17 00:00:00 2001
From: Gregory Woods
Date: Thu, 28 May 2020 14:40:26 +0100
Subject: [PATCH] Correct behaviour for +s and +ssc. +s enable hostname verfication whereas +ssc disables it.
---
 .../neo4j/driver/internal/SecuritySettings.java | 4 ++--
 .../driver/internal/SecuritySettingsTest.java | 15 ++++++++++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/driver/src/main/java/org/neo4j/driver/internal/SecuritySettings.java b/driver/src/main/java/org/neo4j/driver/internal/SecuritySettings.java
index 1ea3c05ae9..0595366c6a 100644
--- a/driver/src/main/java/org/neo4j/driver/internal/SecuritySettings.java
+++ b/driver/src/main/java/org/neo4j/driver/internal/SecuritySettings.java
@@ -92,11 +92,11 @@ private SecurityPlan createSecurityPlanFromScheme( String scheme ) throws Genera
 {
 if ( isHighTrustScheme(scheme) )
 {
- return SecurityPlanImpl.forSystemCASignedCertificates( trustStrategy.isHostnameVerificationEnabled() );
+ return SecurityPlanImpl.forSystemCASignedCertificates( true );
 }
 else
 {
- return SecurityPlanImpl.forAllCertificates( trustStrategy.isHostnameVerificationEnabled() );
+ return SecurityPlanImpl.forAllCertificates( false );
 }
 }
diff --git a/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java b/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java
index 5547487850..1c301807a1 100644
--- a/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java
+++ b/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java
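Review bot: The two boolean literals in `createSecurityPlanFromScheme` now carry the whole security decision, and nothing at the call site says what they mean. With `forAllCertificates( false )` the `+ssc` branch accepts any certificate and skips hostname verification, so the connection is encrypted but the server's identity is not checked; that looks intentional for self-signed setups, but it deserves a comment such as `// +ssc: any certificate accepted, no hostname check: traffic is encrypted but the server is not authenticated`, with a matching `// +s: system CA trust plus hostname verification` on the other branch. The value of `trustStrategy.isHostnameVerificationEnabled()` is no longer consulted here; the `testThrowsOnUserCustomizedEncryption` context in the test file suggests customised settings are rejected for these schemes, but that should be confirmed so a user-supplied setting is not silently ignored. The new `testSelfSignedCertConfigDisablesHostnameVerification` test would benefit from the same one-line explanation, since it asserts that a check is off.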
@@ -75,9 +75,22 @@ void testSystemCertCompatibleConfiguration( String scheme ) throws Exception
 SSLContext defaultContext = SSLContext.getDefault();
 assertTrue( securityPlan.requiresEncryption() );
+ assertTrue( securityPlan.requiresHostnameVerification() );
 assertEquals( defaultContext, securityPlan.sslContext() );
 }
+ @ParameterizedTest
+ @MethodSource( "selfSignedSchemes" )
+ void testSelfSignedCertConfigDisablesHostnameVerification( String scheme ) throws Exception
+ {
+ SecuritySettings securitySettings = new SecuritySettings.SecuritySettingsBuilder().build();
+
+ SecurityPlan securityPlan = securitySettings.createSecurityPlan( scheme );
+
+ assertTrue( securityPlan.requiresEncryption() );
+ assertFalse( securityPlan.requiresHostnameVerification() );
+ }
+
 @ParameterizedTest
 @MethodSource( "allSchemes" )
 void testThrowsOnUserCustomizedEncryption( String scheme )
@@ -156,7 +169,7 @@ void testConfiguredEncryption()
 }
 @Test
- void testConfiguredAllCertificates() throws NoSuchAlgorithmException
+ void testConfiguredAllCertificates()
 {
 SecuritySettings securitySettings = new SecuritySettings.SecuritySettingsBuilder()
 .withEncryption()