hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Httpclient 3.1 with SSL - how do get the SSL peer certificates for a particular request?
Date Wed, 10 Oct 2007 14:43:25 GMT
On Tue, 2007-10-09 at 13:53 -0700, Eric Johnson wrote:
> Perhaps I missed the documentation, but here's my problem:
> 
> For our particular use of HttpClient (version 3.1), we'd like to be able
> to fetch the peer certificate chain for a particular request.
> 
> The obvious place to start is to define our own protocol socket factory.
> 
> Having done that, I can see perhaps caching the mapping of host to peer
> certificates in the protocol socket factory.  Then, after any given
> request, my code can ask the protocol socket factory for the peer
> certificates for the domain I just connected to.  This seems more
> complicated than it needs to be.  I worry that this gets awkward, how do
> I maintain the correctness of the cache.
> 
> I think it would make more sense to associate the certificate chain with
> the individual request.  I just don't see an obvious way to do that.
> 
> Any ideas how best to solve this?
> 

Hi Eric

Unfortunately I have no good news for you. There is simply no elegant
way of solving this problem with HttpClient 3.x. Possible workarounds
differ in the degree of ugliness, but all are very ugly.   

HttpClient 4.0 API is significantly more flexible and powerful. It
provides a reasonably elegant way of solving the problem (as well as
many other inherent deficiencies of the 3.x API), but it is still an
early ALPHA and is not expected to stabilize any time soon.

You'll have to pick a lesser of two evils depending on your particular
project circumstances and priorities.  

Oleg


> -Eric.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org


Mime
View raw message