commons-dev mailing list archives

From "Ortwin Glück" <ortwin.glu...@nose.ch>
Subject [HttpClient] SSL proxy tunneling
Date Wed, 10 Jul 2002 14:53:43 GMT
The current implementation cannot handle SSL through proxies correctly.
I was trying to make a patch today but ran across a design flaw in the 
current code.

I just wrote a CONNECT method wrapper (see attachment) which is called 
in HttpClient.open:

         if (!connection.isOpen()) {
             connection.open();
             if (connection.isProxied() && connection.isSecure()) {
                 method = new ConnectMethod(method);
             }
         }
         return method.execute(getState(), connection);

The problem arises from the fact that the secure socket is opened in 
HttpConnection.open *before* any CONNECT request can be sent.

The process of establishing a tunnel is:
1. open ordinary socket to proxy
2. request tunnel from the proxy
3. notify the connection that tunnel is established
4. connection switches to secure socket
5. encrypted communication

SSLSocketFactory.createSocket(Socket s, String host, int port, boolean 
autoClose) is tailored for this purpose. It takes an existing socket and 
uses it as a tunnel.

I suggest that we add an HttpConnection.tunnelEstablished method. If a 
connection is secure and proxied, an ordinary socket is acquired at first 
and is replaced by the secure socket when this method is called. The 
method needs proper state checking as well.

Comments are welcome.
-- 
_________________________________________________________________
  NOSE applied intelligence ag      [perspectix-nose digital b.i]
                                    [www]      http://www.nose.ch
  ortwin glück                      [email] ortwin.glueck@nose.ch
  hardturmstrasse 171               [office]      +41-1-277 57 35
  8005 zurich                       [fax]         +41-1-277 57 12
  switzerland
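
The five-step tunnel sequence from the message above, as an added stand-alone example (not part of the original post and not HttpClient code); it uses current JDK APIs, and the class and method names are hypothetical. It starts TLS only after the proxy answers CONNECT with a 2xx status, and passes the target host, not the proxy, to createSocket so the certificate is checked against the origin server.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.*;

public class ProxyTunnelExample {
    /** Steps 1-4: plain socket to the proxy, CONNECT, then TLS layered on the same socket. */
    static SSLSocket openTunnel(String proxyHost, int proxyPort,
                                String targetHost, int targetPort) throws IOException {
        Socket plain = new Socket(proxyHost, proxyPort);             // 1. ordinary socket to proxy
        try {
            OutputStream out = plain.getOutputStream();
            String authority = targetHost + ":" + targetPort;
            out.write(("CONNECT " + authority + " HTTP/1.1\r\nHost: " + authority + "\r\n\r\n")
                    .getBytes(StandardCharsets.US_ASCII));           // 2. request tunnel
            out.flush();
            // Read the reply one byte at a time so no buffer swallows later TLS bytes.
            InputStream in = plain.getInputStream();
            String statusLine = readLine(in);
            for (String h = readLine(in); !h.isEmpty(); h = readLine(in)) { /* skip headers */ }
            if (!isTunnelEstablished(statusLine)) {                  // 3. tunnel established?
                throw new IOException("Proxy refused CONNECT: " + statusLine);
            }
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket secure = (SSLSocket) factory.createSocket(
                    plain, targetHost, targetPort, true);            // 4. switch to secure socket
            SSLParameters params = secure.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");      // check cert against targetHost
            secure.setSSLParameters(params);
            secure.startHandshake();
            return secure;                                           // 5. encrypted communication
        } catch (IOException e) {
            plain.close();                                           // never leak a half-open tunnel
            throw e;
        }
    }

    /** True only for a well-formed status line with a 2xx code. */
    static boolean isTunnelEstablished(String statusLine) {
        String[] parts = statusLine.split(" ", 3);
        return parts.length >= 2 && parts[0].startsWith("HTTP/") && parts[1].matches("2\\d\\d");
    }

    static String readLine(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (int c = in.read(); c != '\n'; c = in.read()) {
            if (c == -1) throw new EOFException("Proxy closed connection");
            if (c != '\r') sb.append((char) c);
        }
        return sb.toString();
    }
}
```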
