== How to fix it in Java SE

=== Code examples

include::../../common/fix/code-rationale.adoc[]

:cert_method_name: javax.net.ssl.HostnameVerifier.verify()

include::../../common/fix/code-rationale-override.adoc[]

==== Noncompliant code example

[source,java,diff-id=21,diff-type=noncompliant]
----
import java.io.InputStream;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.HostnameVerifier;

public InputStream doRequest() {
    URL url                          = new URL("https://example.org/");
    HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection();

    urlConnection.setHostnameVerifier(new HostnameVerifier() {
      @Override
      public boolean verify(String requestedHost, SSLSession remoteServerSession) {
        return true;  // Noncompliant
      }
    });

    return urlConnection.getInputStream();
}
----

==== Compliant solution

[source,java,diff-id=21,diff-type=compliant]
----
import java.io.InputStream;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

public InputStream doRequest() {
    URL url                          = new URL("https://example.org/");
    HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection();

    return urlConnection.getInputStream();
}
----

=== How does this work?

include::../../common/fix/validation.adoc[]

include::../../common/fix/keytool.adoc[]