AWS Java SDK v2 - Trust all Certificates Patch

Overview

This repository contains the code for a small Java agent that disables certificate name validation for your AWS Java SDK v2 clients.

This tool was made necessary due to the decision of the AWS Java SDK team to remove the global configuration option for this functionality with the AWS SDK v2. See: aws/aws-sdk-java-v2#1230

For the AWS Java SDK v1, please set the -Dcom.amazonaws.sdk.disableCertChecking system property.

Warning: Please note that the usage of this tool is meant for testing/development purposes only. Please do not disable certificate name validation on your production stack.

Usage

  1. Download the latest release
  2. Load the jar file as a Java agent using -javaagent:<path-to-file>, either specified as a command-line argument or set in the JAVA_TOOL_OPTIONS environment variable when starting your process, like this: JAVA_TOOL_OPTIONS=-javaagent:<path-to-file>.
  3. You can now use, for example, DNS to redirect your SDK calls to any endpoint you want, e.g. to LocalStack.

Please remember to use a separate profile/configuration for your development and production environments, to avoid accidentally disabling the certificate name verification in production.
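One way to enforce that separation at process start, as an added example that is not part of this project: a start-script guard that rejects any -javaagent entry not on an allowlist when the environment is production. The function names, the environment name "production", the allowlist format and the sample paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the project. The environment name "production"
# and the allowlist format (space-separated jar paths) are assumptions.

# Print the jar path of every -javaagent:<jar>[=<options>] entry found in the
# given option strings. Quoted paths containing spaces are not handled.
list_java_agents() (
    set -f  # split on whitespace only, no filename globbing
    for word in $*; do
        case "$word" in
            -javaagent:*)
                path=${word#-javaagent:}
                printf '%s\n' "${path%%=*}"  # drop agent options after '='
                ;;
        esac
    done
)

# check_java_agents <environment> <allowlist> <option-string>...
# Succeeds outside production; in production every agent must be allowlisted.
check_java_agents() (
    set -f
    env_name=$1; allowed=$2; shift 2
    [ "$env_name" = "production" ] || exit 0
    status=0
    for agent in $(list_java_agents "$@"); do
        case " $allowed " in
            *" $agent "*) ;;
            *) echo "unapproved java agent in production: $agent" >&2
               status=1 ;;
        esac
    done
    exit "$status"
)

# Constructed sample: an approved APM agent plus a placeholder agent jar.
SAMPLE_OPTS='-Xmx512m -javaagent:/opt/agents/apm.jar=service=api -javaagent:/tmp/placeholder-agent.jar'
if check_java_agents production "/opt/agents/apm.jar" "$SAMPLE_OPTS"; then
    echo "agents ok"
else
    echo "startup blocked"
fi
```

In a real start script, pass "$JAVA_TOOL_OPTIONS" and the java command-line arguments as the option strings and abort the launch when the function fails.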

How does it work?

This utility uses Java instrumentation to set the TRUST_ALL_CERTIFICATES option by default on all created clients. It does so in the buildWithDefaults methods of all client builders, where it merges the AttributeMaps passed by the SDK with a new one that sets this option.

This tool uses Javassist to insert and compile the bytecode when the respective client classes are loaded.

Supported HTTP Clients

This tool supports the following HTTP clients, if used:

Synchronous:

Asynchronous: