Align SslConfiguration factory method usage with Log4j 2.12+ API#4075
Merged
Align SslConfiguration factory method usage with Log4j 2.12+ API#4075
SslConfiguration factory method usage with Log4j 2.12+ API#4075Conversation
This change updates the usage of `SslConfiguration#createSSLConfiguration` to the 4-parameter factory method introduced in Log4j 2.12.0. Using the newer factory method keeps the code aligned with the current API and ensures that all configuration parameters supported by recent Log4j versions are correctly propagated during SSL configuration creation. Fixes #4061
Contributor
There was a problem hiding this comment.
Pull request overview
Updates Log4j Core’s SslConfiguration plugin factory wiring to ensure the verifyHostName attribute is recognized (aligning with the newer 4-parameter createSSLConfiguration factory), and adds tests/resources to validate hostname verification behavior.
Changes:
- Move
@PluginFactoryto the 4-parameterSslConfiguration#createSSLConfiguration(...)and deprecate the legacy 3-parameter overload. - Add test coverage verifying
verifyHostNameis recognized via plugin metadata and exercised via a TLS socket appender integration test. - Add BouncyCastle test dependency to generate test certificates/keystores.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
src/changelog/.2.x.x/4061_ssl-connection.xml |
Changelog entry for the fix. |
log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/SslConfiguration.java |
Adjusts plugin factory method and deprecates old overload. |
log4j-core-test/src/test/resources/TlsSocketAppenderTest/log4j2.xml |
Adds TLS SocketAppender config exercising verifyHostName. |
log4j-core-test/src/test/java/org/apache/logging/log4j/core/net/ssl/SslConfigurationTest.java |
Adds a plugin-metadata-based test asserting verifyHostName is applied. |
log4j-core-test/src/test/java/org/apache/logging/log4j/core/appender/X509Certificates.java |
Test utility to generate X.509 material (via BouncyCastle). |
log4j-core-test/src/test/java/org/apache/logging/log4j/core/appender/TlsSocketAppenderTest.java |
New integration-style tests for hostname verification behavior. |
log4j-core-test/src/test/java/org/apache/logging/log4j/core/appender/LineReadingTcpServer.java |
Adds bind-address configurability to support new TLS tests. |
log4j-core-test/pom.xml |
Adds BouncyCastle test dependency/version management. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/SslConfiguration.java
Show resolved
Hide resolved
log4j-core-test/src/test/java/org/apache/logging/log4j/core/appender/TlsSocketAppenderTest.java
Show resolved
Hide resolved
log4j-core-test/src/test/java/org/apache/logging/log4j/core/appender/TlsSocketAppenderTest.java
Show resolved
Hide resolved
log4j-core-test/src/test/java/org/apache/logging/log4j/core/appender/X509Certificates.java
Show resolved
Hide resolved
Member
|
@ppkarwasz, I presume this enhancement will be shipped in |
Member
Nevermind. This indeed fixes a bug. |
This reverts commit e59a1b2.
If a host does not resolve `*.localhost` to the loopback device as recommended by RFC 6761, there is no real way to test certificate validation.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This change updates the usage of
SslConfiguration#createSSLConfigurationto the 4-parameter factory method introduced in Log4j 2.12.0.Using the newer factory method keeps the code aligned with the current API and ensures that all configuration parameters supported by recent Log4j versions are correctly propagated during SSL configuration creation.
Fixes #4061