
Unable to Disable Hostname Verification for HTTPS Requests in Micronaut #11510

Open
ChaimaaeROUAI opened this issue Jan 15, 2025 · 0 comments
Description

An option is needed to disable hostname verification for HTTPS requests when using HttpClient with a .p12 self-signed certificate.
In some scenarios, such as internal testing across multiple environments where the hostname may vary or IP addresses are used instead of hostnames, hostname verification creates a limitation. While Micronaut provides an option to disable certificate validation (insecure-trust-all-certificates), hostname verification still occurs, leading to SSLHandshakeException.

Steps to Reproduce

1. Configure HTTPS in the Micronaut server using the following settings:

```properties
micronaut.server.ssl.enabled=true
micronaut.server.ssl.port=8080
micronaut.server.ssl.key-store.path=file:/file/path/for/replicationcertificate.p12
micronaut.server.ssl.key-store.password=xxxxxxx
micronaut.server.ssl.key-store.type=PKCS12
micronaut.ssl.key.password=xxxxxxx
micronaut.ssl.key.alias=replicationcertificate
```

2. Create an HTTP client with custom SSL configuration:

```java
import io.micronaut.http.client.DefaultHttpClientConfiguration;
import io.micronaut.http.client.HttpClient;
import io.micronaut.http.client.HttpClientConfiguration;
import io.micronaut.http.ssl.ClientAuthentication;
import io.micronaut.http.ssl.ClientSslConfiguration;
import io.micronaut.http.ssl.SslConfiguration;

HttpClient createHttpsClient() {
    HttpClientConfiguration httpClientConfiguration = new DefaultHttpClientConfiguration();
    SslConfiguration sslConfiguration = getSslConfiguration();
    httpClientConfiguration.setSslConfiguration(sslConfiguration);
    // No base URL: each request carries an absolute URI
    return HttpClient.create(null, httpClientConfiguration);
}

private SslConfiguration getSslConfiguration() {
    // Trust store holding the same self-signed .p12 the server uses
    SslConfiguration.TrustStoreConfiguration trustStoreConfig = new SslConfiguration.TrustStoreConfiguration();
    trustStoreConfig.setPassword("xxxxx");
    trustStoreConfig.setPath("file:/opt/db_monitor_svc/replicationcertificate.p12");
    trustStoreConfig.setType("PKCS12");
    ClientSslConfiguration clientSslConfiguration = new ClientSslConfiguration();
    clientSslConfiguration.setTrustStore(trustStoreConfig);
    clientSslConfiguration.setClientAuthentication(ClientAuthentication.WANT);
    clientSslConfiguration.setEnabled(true);
    // Skips certificate chain validation; hostname verification still runs (see below)
    clientSslConfiguration.setInsecureTrustAllCertificates(true);
    return clientSslConfiguration;
}
```

3. Call the HTTPS REST endpoint:

```java
HttpResponse<?> response = httpClient.toBlocking().exchange(request, ResponseType.class);
```

Actual Behavior

The following error is received:

```text
Connect Error: No name matching mysql-cluster-db-monitor-svc.samar1 found
21:11:04.845 [multithreadEventLoopGroup-3-6] ERROR i.m.h.client.netty.DefaultHttpClient - Failed to connect to remote
javax.net.ssl.SSLHandshakeException: No name matching mysql-cluster-db-monitor-svc.samar1 found
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
```

Expected Behavior

It should be possible to disable hostname verification for HTTPS requests (similar to NoopHostnameVerifier in Spring Boot). The option micronaut.http.client.ssl.insecure-trust-all-certificates=true or clientSslConfiguration.setInsecureTrustAllCertificates(true) does not bypass hostname verification.

Current Workaround

Generating a .p12 certificate with the required hostname resolves the issue. However, in environments where the hostname or IP address can vary, we would like an option to disable hostname verification for internal testing with self-signed certificates.

Feature Request

Provide an option to disable hostname verification for HttpClient when using self-signed certificates, similar to Spring Boot's NoopHostnameVerifier.
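The "No name matching ... found" error above is the JDK hostname verifier refusing a certificate whose Subject Alternative Name (SAN) extension does not list the name or IP the client connected to. The following is an added example, not code from this issue, from Micronaut or from the JDK: a small check that mirrors that verifier's logic in simplified form, so a candidate .p12 can be tested against every environment hostname and IP before it is deployed, which is the certificate-side fix the workaround section describes. The class name `SanCoverageCheck`, the SAN list and every hostname except the one from the error log are constructed for the example; the wildcard handling is a simplification of what the JDK does (whole leftmost label only).

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;

/*
 * Added example (not Micronaut or JDK code). Reproduces, in simplified form, the
 * check behind "No name matching <host> found": the host the client connected to
 * must appear in the certificate's SAN extension as a dNSName (type 2, wildcard
 * only as the whole leftmost label) or as an iPAddress (type 7).
 */
public final class SanCoverageCheck {

    /** One SAN entry in the shape X509Certificate.getSubjectAlternativeNames() returns it. */
    record San(int type, String value) {}

    /** Extract the dNSName and iPAddress entries from a real certificate. */
    static List<San> sansOf(X509Certificate cert) throws CertificateParsingException {
        List<San> out = new ArrayList<>();
        Collection<List<?>> raw = cert.getSubjectAlternativeNames();
        if (raw == null) {
            return out; // no SAN extension at all: nothing here can match
        }
        for (List<?> entry : raw) {
            int type = (Integer) entry.get(0);
            if (type == 2 || type == 7) {
                out.add(new San(type, (String) entry.get(1)));
            }
        }
        return out;
    }

    /** Crude IP-literal test: IPv4 dotted quad, or anything containing a colon for IPv6. */
    static boolean isIpLiteral(String target) {
        return target.matches("\\d{1,3}(\\.\\d{1,3}){3}") || target.contains(":");
    }

    /** dNSName comparison: case-insensitive; "*." matches exactly one extra label on the left. */
    static boolean dnsMatches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return p.equals(h);
        }
        String suffix = p.substring(1); // e.g. ".test.internal"
        if (!h.endsWith(suffix)) {
            return false;
        }
        String leftmost = h.substring(0, h.length() - suffix.length());
        return !leftmost.isEmpty() && !leftmost.contains("."); // wildcard never spans a dot
    }

    /** iPAddress comparison on parsed address bytes, so "::1" and "0:0:0:0:0:0:0:1" agree. */
    static boolean ipMatches(String sanIp, String targetIp) {
        try {
            // Both arguments are literals here, so InetAddress performs no DNS lookup.
            return InetAddress.getByName(sanIp).equals(InetAddress.getByName(targetIp));
        } catch (UnknownHostException e) {
            return false;
        }
    }

    /** Would hostname verification accept this target against these SAN entries? */
    static boolean covers(List<San> sans, String target) {
        boolean ip = isIpLiteral(target);
        for (San san : sans) {
            if (ip && san.type() == 7 && ipMatches(san.value(), target)) {
                return true;
            }
            if (!ip && san.type() == 2 && dnsMatches(san.value(), target)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed SAN list for one certificate meant to serve several test environments.
        List<San> sans = List.of(
                new San(2, "mysql-cluster-db-monitor-svc.samar1"),
                new San(2, "*.test.internal"),
                new San(7, "10.0.0.5"),
                new San(7, "::1"));
        List<String> targets = List.of(
                "mysql-cluster-db-monitor-svc.samar1", // exact dNSName: accepted
                "MYSQL-CLUSTER-DB-MONITOR-SVC.samar1", // case-insensitive: accepted
                "db-monitor.test.internal",            // one label under the wildcard: accepted
                "a.b.test.internal",                   // two labels, wildcard does not span dots: refused
                "10.0.0.5",                            // iPAddress entry: accepted
                "0:0:0:0:0:0:0:1",                     // same address as "::1": accepted
                "10.0.0.6");                           // not listed: "No name matching 10.0.0.6 found"
        for (String target : targets) {
            System.out.printf("%-40s %s%n", target,
                    covers(sans, target) ? "accepted" : "no name matching");
        }
    }
}
```

To test the real file, load it with `KeyStore.getInstance("PKCS12")` and pass `(X509Certificate) keyStore.getCertificate("replicationcertificate")` to `sansOf`. Every target that comes back as "no name matching" is a name to add to the SAN extension when the certificate is generated; keytool accepts them on the command line as `-ext SAN=dns:host1,dns:*.test.internal,ip:10.0.0.5`, so one self-signed .p12 can cover all environments while hostname verification stays enabled and the client code from step 2 is left unchanged.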

@ChaimaaeROUAI ChaimaaeROUAI self-assigned this Jan 15, 2025