Add reproducer for missing hostname verification

Traderjoe95 · Traderjoe95 · commit cc560717334f · 2024-03-11T16:07:23.000+01:00
diff --git a/vertx-pg-client/src/test/java/io/vertx/pgclient/TLSTest.java b/vertx-pg-client/src/test/java/io/vertx/pgclient/TLSTest.java
@@ -18,6 +18,9 @@
 package io.vertx.pgclient;
 
 import io.vertx.core.Vertx;
+import io.vertx.core.VertxOptions;
+import io.vertx.core.buffer.Buffer;
+import io.vertx.core.dns.AddressResolverOptions;
 import io.vertx.core.net.PemTrustOptions;
 import io.vertx.ext.unit.Async;
 import io.vertx.ext.unit.TestContext;
@@ -94,6 +97,54 @@ public void testTLSInvalidCertificate(TestContext ctx) {
     }));
   }
 
+  @Test
+  public void testTLSInvalidHostname(TestContext ctx) {
+    Async async = ctx.async();
+    PgConnection.connect(
+      vertx,
+      rule.options()
+        .setSslMode(SslMode.VERIFY_FULL)
+        // The hostname in the test certificate is thebrain.ca, so 'localhost' should make for a failed connection
+        .setHost("localhost")
+        .setHostnameVerificationAlgorithm("HTTPS")
+        .setPemTrustOptions(
+          new PemTrustOptions()
+            .addCertValue(vertx.fileSystem().readFileBlocking("tls/server.crt"))
+        ),
+      ctx.asyncAssertFailure(err -> {
+        ctx.assertEquals(err.getMessage(), "SSL handshake failed");
+        async.complete();
+      }));
+  }
+
+  @Test
+  public void testTLSCorrectHostname(TestContext ctx) {
+    Vertx vertxWithHosts = Vertx.vertx(
+      new VertxOptions()
+        .setAddressResolverOptions(
+          new AddressResolverOptions()
+            .setHostsValue(Buffer.buffer("127.0.0.1 thebrain.ca\n"))
+        )
+    );
+
+    Async async = ctx.async();
+    PgConnection.connect(
+      vertxWithHosts,
+      rule.options()
+        .setSslMode(SslMode.VERIFY_FULL)
+        .setHost("thebrain.ca")
+        .setHostnameVerificationAlgorithm("HTTPS")
+        .setPemTrustOptions(
+          new PemTrustOptions()
+            .addCertValue(vertxWithHosts.fileSystem().readFileBlocking("tls/server.crt"))
+        ),
+      ctx.asyncAssertSuccess(conn -> {
+        ctx.assertTrue(conn.isSSL());
+        vertxWithHosts.close();
+        async.complete();
+      }));
+  }
+
   @Test
   public void testSslModeDisable(TestContext ctx) {
     Async async = ctx.async();
