JAX-RS 2.0 Client Hostname Verification Test Failure on Windows #34255
Description
Issue Description
It appears that once the client property com.ibm.ws.jaxrs.client.disableCNCheck has been set to "true", it cannot be set back to the default of "false" without restarting the application. Closing and restarting the client is not enough. Is this expected behavior?
client = ClientBuilder.newClient();
client.property("com.ibm.ws.jaxrs.client.ssl.config", "mySSLConfigNoHNV");
client.property("com.ibm.ws.jaxrs.client.disableCNCheck", "true");
The test testNoHostnameVerificationDisableCNCheckFalse in the JAX-RS 2.0 client hostname verification test suite is failing on Windows. The test expects a ProcessingException to be thrown when hostname verification is disabled in SSL config but the JAX-RS client property disableCNCheck is explicitly set to "false", but the request succeeds instead.
## Error Details
junit.framework.AssertionFailedError: 2026-02-22-18:58:03:211 HostnameVerificationClientTestServlet.testNoHostnameVerificationDisableCNCheckFalse: request should have failed with ProcessingException
at io.openliberty.jaxrs.client.fat.hostnameverification.servlet.HostnameVerificationClientTestServlet.testNoHostnameVerificationDisableCNCheckFalse(HostnameVerificationClientTestServlet.java:151)
at jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
at componenttest.app.FATServlet.doGet(FATServlet.java:80)
## Environment
- **Platform**: Windows (issue is Windows-specific)
- **JAX-RS Version**: 2.0
- **CXF Version**: 3.1.18 (bundled with JAX-RS 2.0)
- **Test Module**: `com.ibm.ws.jaxrs.2.0.client_fat`
- **Test Class**: `HostnameVerificationClientTestServlet`
- **Failing Test**: `testNoHostnameVerificationDisableCNCheckFalse` (line 141-157)
## Test Configuration
### SSL Configuration (server.xml)
```xml
<ssl id="mySSLConfigNoHNV" keyStoreRef="clientKeyStore" trustStoreRef="clientTrustStore" verifyHostname="false"/>
JAX-RS Client Property
builder.property("com.ibm.ws.jaxrs.client.disableCNCheck", "false"); // Line 144 - String value "false"Expected Behavior
When:
- SSL config has
hostnameVerification=false(mySSLConfigNoHNV) - JAX-RS client property
disableCNCheck="false"is explicitly set as a string
Then: The request should fail with a ProcessingException because the client property should override the SSL config and enforce hostname verification.
Actual Behavior
On Windows, the request succeeds when it should fail, indicating that hostname verification is not being enforced despite the disableCNCheck="false" property.
Root Cause Analysis
The issue appears to be in how the disableCNCheck property is processed:
Key Code Location
File: com.ibm.ws.jaxrs.2.0.client/src/com/ibm/ws/jaxrs20/client/security/LibertyJaxRsClientSSLOutInterceptor.java
Lines 88-90:
Object disableCNCheckObj = message.get("disableCNCheck");
// convert the property to boolean
boolean disableCNCheck = PropertyUtils.isTrue(disableCNCheckObj);Issues
This could be a JVM (Hotspot) level issue on Windows.
When com.ibm.ws.jaxrs.client.disableCNCheck is false, it creates a specific object state Combined with Liberty's LibertySSLSocketFactory having endpointIdentificationAlgorithm=null. The Windows JVM's SSL implementation completely bypasses the application-level HostnameVerifier even though CXF correctly returns DefaultHostnameVerifier, it never gets invoked.
Investigation Steps Taken
-
Added trace logging to server.xml:
<logging traceSpecification="com.ibm.ws.jaxrs*=all:org.apache.cxf.*=all:" />
-
Identified the property conversion logic in
LibertyJaxRsClientSSLOutInterceptor.java -
Confirmed CXF version is 3.1.18.
Files Involved
- Test Servlet:
com.ibm.ws.jaxrs.2.0.client_fat/test-applications/hostnameverification/src/io/openliberty/jaxrs/client/fat/hostnameverification/servlet/HostnameVerificationClientTestServlet.java - SSL Interceptor:
com.ibm.ws.jaxrs.2.0.client/src/com/ibm/ws/jaxrs20/client/security/LibertyJaxRsClientSSLOutInterceptor.java - Server Config:
com.ibm.ws.jaxrs.2.0.client_fat/publish/servers/com.ibm.ws.jaxrs.2.0.client.fat.HostnameVerificationTest/server.xml