hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Johnson <e...@tibco.com>
Subject Re: Httpclient 3.1 with SSL - how do get the SSL peer certificates for a particular request?
Date Fri, 26 Oct 2007 18:04:39 GMT
Hi Oleg,

A little slow on the up-take, I am.  Thanks for taking the time to
respond.  It is, alas, as I figured.

Looking forward to HttpComponents....  If only I had more time to
contribute like I used to.

-Eric.

Oleg Kalnichevski wrote:
> On Tue, 2007-10-09 at 13:53 -0700, Eric Johnson wrote:
>   
>> Perhaps I missed the documentation, but here's my problem:
>>
>> For our particular use of HttpClient (version 3.1), we'd like to be able
>> to fetch the peer certificate chain for a particular request.
>>
>> The obvious place to start is to define our own protocol socket factory.
>>
>> Having done that, I can see perhaps caching the mapping of host to peer
>> certificates in the protocol socket factory.  Then, after any given
>> request, my code can ask the protocol socket factory for the peer
>> certificates for the domain I just connected to.  This seems more
>> complicated than it needs to be.  I worry that this gets awkward, how do
>> I maintain the correctness of the cache.
>>
>> I think it would make more sense to associate the certificate chain with
>> the individual request.  I just don't see an obvious way to do that.
>>
>> Any ideas how best to solve this?
>>
>>     
>
> Hi Eric
>
> Unfortunately I have no good news for you. There is simply no elegant
> way of solving this problem with HttpClient 3.x. Possible workarounds
> differ in the degree of ugliness, but all are very ugly.   
>
> HttpClient 4.0 API is significantly more flexible and powerful. It
> provides a reasonably elegant way of solving the problem (as well as
> many other inherent deficiencies of the 3.x API), but it is still an
> early ALPHA and is not expected to stabilize any time soon.
>
> You'll have to pick a lesser of two evils depending on your particular
> project circumstances and priorities.  
>
> Oleg
>
>
>   
>> -Eric.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org
>>
>>
>>     
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org
>
>
>   

---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org


Mime
View raw message