For tedious reasons discussed elsewhere, I have a temporary need to talk to Elasticsearch using the Java transport client with the complications that
- communication has to be over TLS, I can't change that
- the server certificate will be presented with the wrong SAN, I can't change that
So the question is: how to tell the Java transport client to skip the SAN check and refrain from doing this:
java.security.cert.CertificateException: No subject alternative DNS name matching elasticsearch-es-transport found.
at java.base/sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:207)
I have tried various things along the lines of HttpsURLConnection.setDefaultHostnameVerifier() but none of them has worked.