hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Httpcomponents Wiki] Update of "HttpClientTutorial" by OlegKalnichevski
Date Sat, 18 Apr 2009 14:01:18 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpcomponents Wiki" for change notification.

The following page has been changed by OlegKalnichevski:
http://wiki.apache.org/HttpComponents/HttpClientTutorial

------------------------------------------------------------------------------
  
  == Socket factories ==
  
-     HTTP connections make use of a java.net.Socket object internally to handle transmittion
of data across the wire. They, however, rely on SocketFactory interface to create, initialize
and connect sockets. This enables the users of HttpClient to provide application specific
socket initialization code at runtime. PlainSocketFactory is the default factory for creating
and initializing plain (unencrypted) sockets. 
+     HTTP connections make use of a java.net.Socket object internally to handle transmission
of data across the wire. They, however, rely on SocketFactory interface to create, initialize
and connect sockets. This enables the users of HttpClient to provide application specific
socket initialization code at runtime. PlainSocketFactory is the default factory for creating
and initializing plain (unencrypted) sockets. 
      
      The process of creating a socket and that of connecting it to a host are decoupled,
so that the socket could be closed while being blocked in the connect operation.
  
@@ -771, +771 @@

  
  === Hostname verification ===
  
-    Hostname verifier implementations.
+    In addition to the trust verification and the client authentication performed on the
SSL/TLS protocol level, HttpClient can optionally verify whether the target hostname matches
the names stored inside the server's X.509 certificate, once the connection has been established.
This verification can provide additional guarantees of authenticity of the server trust material.
X509HostnameVerifier interface represents a strategy for hostname verification. HttpClient
ships with three X509HostnameVerifier. Important: hostname verification should not be confused
with SSL trust verification.
+    
+    * '''StrictHostnameVerifier''': The strict hostname verifier works the same way as Sun
Java 1.4, Sun Java 5, Sun Java 6. It's also pretty close to IE6. This implementation appears
to be compliant with RFC 2818 for dealing with wildcards. The hostname must match either the
first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts.

  
+    * '''BrowserCompatHostnameVerifier''': The hostname verifier that works the same way
as Curl and Firefox. The hostname must match either the first CN, or any of the subject-alts.
A wildcard can occur in the CN, and in any of the subject-alts. The only difference between
BrowserCompatHostnameVerifier and StrictHostnameVerifier is that a wildcard (such as "*.foo.com")
with BrowserCompatHostnameVerifier matches all subdomains, including "a.b.foo.com".
+ 
+    * '''AllowAllHostnameVerifier''': This hostname verifier essentially turns hostname verification
off. This implementation is a no-op, and never throws the SSLException.
+    
+    Per default HttpClient uses BrowserCompatHostnameVerifier implementation. One can specify
a different hostname verifier implementation if desired
+    
+ {{{
+ SSLSocketFactory sf = new SSLSocketFactory(SSLContext.getInstance("TLS"));
+ sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
+ }}}
+    
  == Protocol schemes ==
      
-     Scheme class is used to represent a protocol scheme such as "http" or "https".
+     Scheme class represents a protocol scheme such as "http" or "https" and contains a number
of protocol properties such as the default port and the socket factory to be used to creating
Sockets for the given protocol. SchemeRegistry class is used to maintain a set of Schemes
HttpClient can choose from when trying to establish a connection by a request URI:
+     
+ {{{
+ Scheme http = new Scheme("http", PlainSocketFactory.getSocketFactory(), 80);
+ 
+ SSLSocketFactory sf = new SSLSocketFactory(SSLContext.getInstance("TLS"));
+ sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
+ Scheme https = new Scheme("https", sf, 443);
+ 
+ SchemeRegistry sr = new SchemeRegistry();
+ sr.register(http);
+ sr.register(https);
+ }}}
      
  == HttpClient proxy configuration ==
  

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message