There's a bunch of StackOverflow answers and Kong/unirest-java#197 pointing out how to disable SSL certificate and hostname checks using something like:
```java
HttpClients.custom()
    .setSSLContext(new SSLContextBuilder().loadTrustMaterial(null, (x509Certificates, s) -> true).build())
    .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
    .build();
```
But it looks like that won't work for this library as implemented, because at least the sync RestClient uses a connection manager, and because of that the calls to setSSLContext have no effect.
It looks like what needs to change is at https://github.com/josueeduardo/rest-client/blob/master/src/main/java/io/joshworks/restclient/http/ClientBuilder.java#L55: if a custom sslContext is present, the connection manager needs to be configured to use it.
For example, I created a custom build with the following to just always disable SSL checks (long story):
```java
final SSLContext sslContext = new SSLContextBuilder()
    .loadTrustMaterial(null, (x509CertChain, authType) -> true)
    .build();
SSLConnectionSocketFactory sslConnectionSocketFactory =
    new SSLConnectionSocketFactory(
        sslContext,
        new String[] {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"},
        null,
        NoopHostnameVerifier.INSTANCE);
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(
    RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", sslConnectionSocketFactory)
        .build());
```
So it seems like you'd definitely need a custom SSLConnectionSocketFactory if an sslContext has been set. And maybe also make it possible to disable hostname verification on the configuration object?
Happy to provide a PR if you agree.
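
The same connection-manager wiring with certificate and hostname checks left on, as an added example that is not part of the original issue or the library's code: the custom SSLContext trusts only the certificates in a caller-supplied trust store and is attached through the SSLConnectionSocketFactory registered on the connection manager. It uses Apache HttpClient 4.x classes; the class name `PinnedTrustClient` and the trust-store path and password arguments are assumptions.

```java
import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;

// Hypothetical helper class, not part of rest-client.
public final class PinnedTrustClient {

    // trustStore: JKS/PKCS12 file holding the internal CA or self-signed cert (assumed input).
    public static CloseableHttpClient build(File trustStore, char[] password) throws Exception {
        // No TrustStrategy is passed, so only chains anchored in the store are accepted.
        SSLContext sslContext = new SSLContextBuilder()
                .loadTrustMaterial(trustStore, password)
                .build();

        // The socket factory, not HttpClientBuilder.setSSLContext, decides TLS behaviour
        // once a connection manager is in use, so the context is attached here.
        SSLConnectionSocketFactory tls = new SSLConnectionSocketFactory(
                sslContext,
                new String[] {"TLSv1.2"},   // no SSLv3 / TLSv1 / TLSv1.1
                null,                       // JVM default cipher suites
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());

        Registry<ConnectionSocketFactory> registry =
                RegistryBuilder.<ConnectionSocketFactory>create()
                        .register("http", PlainConnectionSocketFactory.getSocketFactory())
                        .register("https", tls)
                        .build();

        PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
        return HttpClients.custom().setConnectionManager(cm).build();
    }

    public static void main(String[] args) throws Exception {
        // args[0] = trust-store path, args[1] = trust-store password (both assumed)
        try (CloseableHttpClient client = build(new File(args[0]), args[1].toCharArray())) {
            System.out.println("HTTP client built with trust store " + args[0]);
        }
    }
}
```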