How to get server IP address in custom HostnameVerifier

Question

I am having a custom verify method implemented from HostnameVerifier.

@Override
public boolean verify(String hostname, SSLSession session) {

The hostname here gives me the value present in the URL to which the client connects to (either IP address or dns name) and the SSLSession gives me all peer values like peerCert (in my case server certs) and peerCertChain. It also has peerHost which is value from the URL.

I am trying to get the server IP address that my client connecting to. The servers (2 in number) are behind Load Balancer . So my client URL will always have the Load Balancer IP while invoking server.

hostname 
peerHost=session.getPeerHost()

These both are giving me the value from URL (that is loadBalancer IP).

How to get the IP address of the server which is behind load balancer in my custom HostnameVerifier?

SSLSession has got server certificates.. how can I get server IP address?

Any suggestion/help on this much appreciated

Answer 1

It is impossible to get the IP address of the server behind a load balancer from the connection because the connection is to the load balancer and not to the server. The only way you could get to the servers address is if the load balancer would tell you its address.

Assuming that the load balancer is the endpoint of the TLS connection and can modify the HTTP traffic inside the TLS it would be possible to add a custom HTTP header in the response. But, this information would only be available after the TLS handshake is done, ie not yet in the HostnameVerifier because this is called during the TLS handshake.

If the load balancer is not the endpoint of the TLS connection but just forwards the TCP connection unchanged to the server you still cannot get the IP address from the connection but you might distinguish the servers if they use different certificates. The content of the certificate should be accessible in HostnameVerifier.