Deprecate tls#hostnameVerification

Now set up with Netty's SslContextBuilder#endpointIdentificationAlgorithm(String).

Author: acogoluegnes

src/docs/asciidoc/api.adoc

@@ -88,10 +88,9 @@ TLS can be enabled by using the `rabbitmq-stream+tls` scheme in the URI.
 The default TLS port is 5551.
 
 Use the `EnvironmentBuilder#tls` method to configure TLS.
-The most important setting is a `io.netty.handler.ssl.SslContext` instance,
-which is created and configured with the
-`io.netty.handler.ssl.SslContext#forClient` method. Note hostname verification
-is enabled by default.
+The most important setting is a `io.netty.handler.ssl.SslContext` instance, which is created and configured with the
+`io.netty.handler.ssl.SslContext#forClient` method.
+Note hostname verification is enabled by default.
 
 The following snippet shows a common configuration, whereby
 the client is instructed to trust servers with certificates
@@ -242,15 +241,10 @@ Used as a prefix for connection names.
 |Configuration helper for TLS.
 |TLS is enabled if a `rabbitmq-stream+tls` URI is provided.
 
-|`tls#hostnameVerification`
-|Enable or disable hostname verification.
-|Enabled by default.
-
 |`tls#sslContext`
 |Set the `io.netty.handler.ssl.SslContext` used for the TLS connection.
 Use `io.netty.handler.ssl.SslContextBuilder#forClient` to configure it.
-The server certificate chain and the client private key are the typical
-elements that need to be configured.
+The server certificate chain, the client private key, and hostname verification are the usual elements that need to be configured.
 |The JDK trust manager and no client private key.
 
 |`tls#trustEverything`

src/main/java/com/rabbitmq/stream/EnvironmentBuilder.java

@@ -442,25 +442,31 @@ interface TlsConfiguration {
      * <p>Hostname verification is enabled by default.
      *
      * @return the TLS configuration helper
+     * @deprecated use {@link SslContextBuilder#endpointIdentificationAlgorithm(String)} with {@link
+     *     #sslContext(SslContext)}
      */
+    @Deprecated(forRemoval = true)
     TlsConfiguration hostnameVerification();
 
     /**
      * Enable or disable hostname verification.
      *
      * <p>Hostname verification is enabled by default.
      *
-     * @param hostnameVerification
+     * @param hostnameVerification whether to enable hostname verification or not
      * @return the TLS configuration helper
+     * @deprecated use {@link SslContextBuilder#endpointIdentificationAlgorithm(String)} with {@link
+     *     #sslContext(SslContext)}
      */
+    @Deprecated(forRemoval = true)
     TlsConfiguration hostnameVerification(boolean hostnameVerification);
 
     /**
      * Netty {@link SslContext} for TLS connections.
      *
      * <p>Use {@link SslContextBuilder#forClient()} to configure and create an instance.
      *
-     * @param sslContext
+     * @param sslContext the SSL context
      * @return the TLS configuration helper
      */
     TlsConfiguration sslContext(SslContext sslContext);

src/main/java/com/rabbitmq/stream/impl/Client.java

@@ -96,9 +96,7 @@
 import java.util.function.Consumer;
 import java.util.function.Supplier;
 import java.util.function.ToLongFunction;
-import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLHandshakeException;
-import javax.net.ssl.SSLParameters;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -280,13 +278,6 @@ public void initChannel(SocketChannel ch) {
               SslHandler sslHandler =
                   parameters.sslContext.newHandler(ch.alloc(), parameters.host, parameters.port);
 
-              if (parameters.tlsHostnameVerification) {
-                SSLEngine sslEngine = sslHandler.engine();
-                SSLParameters sslParameters = sslEngine.getSSLParameters();
-                sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
-                sslEngine.setSSLParameters(sslParameters);
-              }
-
               ch.pipeline().addFirst("ssl", sslHandler);
             }
             channelCustomizer.accept(ch);
@@ -2375,7 +2366,6 @@ public static class ClientParameters {
     private ChunkChecksum chunkChecksum = JdkChunkChecksum.CRC32_SINGLETON;
     private MetricsCollector metricsCollector = NoOpMetricsCollector.SINGLETON;
     private SslContext sslContext;
-    private boolean tlsHostnameVerification = true;
     private ByteBufAllocator byteBufAllocator;
     private Duration rpcTimeout;
     private Consumer<Channel> channelCustomizer = noOpConsumer();
@@ -2532,11 +2522,6 @@ public ClientParameters sslContext(SslContext sslContext) {
       return this;
     }
 
-    public ClientParameters tlsHostnameVerification(boolean tlsHostnameVerification) {
-      this.tlsHostnameVerification = tlsHostnameVerification;
-      return this;
-    }
-
     public ClientParameters compressionCodecFactory(
         CompressionCodecFactory compressionCodecFactory) {
       this.compressionCodecFactory = compressionCodecFactory;

src/main/java/com/rabbitmq/stream/impl/StreamEnvironment.java

@@ -129,12 +129,13 @@ class StreamEnvironment implements Environment {
       try {
         SslContext sslContext =
             tlsConfiguration.sslContext() == null
-                ? SslContextBuilder.forClient().build()
+                ? SslContextBuilder.forClient()
+                    .endpointIdentificationAlgorithm(
+                        tlsConfiguration.hostnameVerificationEnabled() ? "HTTPS" : null)
+                    .build()
                 : tlsConfiguration.sslContext();
 
         clientParametersPrototype.sslContext(sslContext);
-        clientParametersPrototype.tlsHostnameVerification(
-            tlsConfiguration.hostnameVerificationEnabled());
 
       } catch (SSLException e) {
         throw new StreamException("Error while creating Netty SSL context", e);

src/main/java/com/rabbitmq/stream/impl/StreamEnvironmentBuilder.java

@@ -373,12 +373,14 @@ private DefaultTlsConfiguration(EnvironmentBuilder environmentBuilder) {
     }
 
     @Override
+    @SuppressWarnings("removal")
     public TlsConfiguration hostnameVerification() {
       this.hostnameVerification = true;
       return this;
     }
 
     @Override
+    @SuppressWarnings("removal")
     public TlsConfiguration hostnameVerification(boolean hostnameVerification) {
       this.hostnameVerification = hostnameVerification;
       return this;
@@ -400,6 +402,7 @@ public TlsConfiguration trustEverything() {
         this.sslContext(
             SslContextBuilder.forClient()
                 .trustManager(Utils.TRUST_EVERYTHING_TRUST_MANAGER)
+                .endpointIdentificationAlgorithm("NONE")
                 .build());
       } catch (SSLException e) {
         throw new StreamException("Error while creating Netty SSL context", e);

src/test/java/com/rabbitmq/stream/impl/TlsTest.java

@@ -295,12 +295,12 @@ void hostnameVerificationShouldFailWhenSettingHostToLoopbackInterface() throws E
   @Test
   void shouldConnectWhenSettingHostToLoopbackInterfaceAndDisablingHostnameVerification()
       throws Exception {
-    SslContext context = SslContextBuilder.forClient().trustManager(caCertificate()).build();
-    cf.get(
-        new ClientParameters()
-            .sslContext(context)
-            .host("127.0.0.1")
-            .tlsHostnameVerification(false));
+    SslContext context =
+        SslContextBuilder.forClient()
+            .endpointIdentificationAlgorithm(null)
+            .trustManager(caCertificate())
+            .build();
+    cf.get(new ClientParameters().sslContext(context).host("127.0.0.1"));
   }
 
   @Test