Return-Path: Delivered-To: apmail-hc-dev-archive@www.apache.org Received: (qmail 54789 invoked from network); 18 Apr 2009 14:01:47 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 18 Apr 2009 14:01:47 -0000 Received: (qmail 921 invoked by uid 500); 18 Apr 2009 14:01:47 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 828 invoked by uid 500); 18 Apr 2009 14:01:47 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 815 invoked by uid 99); 18 Apr 2009 14:01:46 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Apr 2009 14:01:46 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.130] (HELO eos.apache.org) (140.211.11.130) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Apr 2009 14:01:39 +0000 Received: from eos.apache.org (localhost [127.0.0.1]) by eos.apache.org (Postfix) with ESMTP id D1787114FB for ; Sat, 18 Apr 2009 14:01:18 +0000 (GMT) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Apache Wiki To: dev@hc.apache.org Date: Sat, 18 Apr 2009 14:01:18 -0000 Message-ID: <20090418140118.21655.32881@eos.apache.org> Subject: [Httpcomponents Wiki] Update of "HttpClientTutorial" by OlegKalnichevski X-Virus-Checked: Checked by ClamAV on apache.org Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpcomponents Wiki" for change notification. The following page has been changed by OlegKalnichevski: http://wiki.apache.org/HttpComponents/HttpClientTutorial ------------------------------------------------------------------------------ == Socket factories == - HTTP connections make use of a java.net.Socket object internally to handle transmittion of data across the wire. They, however, rely on SocketFactory interface to create, initialize and connect sockets. This enables the users of HttpClient to provide application specific socket initialization code at runtime. PlainSocketFactory is the default factory for creating and initializing plain (unencrypted) sockets. + HTTP connections make use of a java.net.Socket object internally to handle transmission of data across the wire. They, however, rely on SocketFactory interface to create, initialize and connect sockets. This enables the users of HttpClient to provide application specific socket initialization code at runtime. PlainSocketFactory is the default factory for creating and initializing plain (unencrypted) sockets. The process of creating a socket and that of connecting it to a host are decoupled, so that the socket could be closed while being blocked in the connect operation. @@ -771, +771 @@ === Hostname verification === - Hostname verifier implementations. + In addition to the trust verification and the client authentication performed on the SSL/TLS protocol level, HttpClient can optionally verify whether the target hostname matches the names stored inside the server's X.509 certificate, once the connection has been established. This verification can provide additional guarantees of authenticity of the server trust material. X509HostnameVerifier interface represents a strategy for hostname verification. HttpClient ships with three X509HostnameVerifier. Important: hostname verification should not be confused with SSL trust verification. + + * '''StrictHostnameVerifier''': The strict hostname verifier works the same way as Sun Java 1.4, Sun Java 5, Sun Java 6. It's also pretty close to IE6. This implementation appears to be compliant with RFC 2818 for dealing with wildcards. The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. + * '''BrowserCompatHostnameVerifier''': The hostname verifier that works the same way as Curl and Firefox. The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. The only difference between BrowserCompatHostnameVerifier and StrictHostnameVerifier is that a wildcard (such as "*.foo.com") with BrowserCompatHostnameVerifier matches all subdomains, including "a.b.foo.com". + + * '''AllowAllHostnameVerifier''': This hostname verifier essentially turns hostname verification off. This implementation is a no-op, and never throws the SSLException. + + Per default HttpClient uses BrowserCompatHostnameVerifier implementation. One can specify a different hostname verifier implementation if desired + + {{{ + SSLSocketFactory sf = new SSLSocketFactory(SSLContext.getInstance("TLS")); + sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER); + }}} + == Protocol schemes == - Scheme class is used to represent a protocol scheme such as "http" or "https". + Scheme class represents a protocol scheme such as "http" or "https" and contains a number of protocol properties such as the default port and the socket factory to be used to creating Sockets for the given protocol. SchemeRegistry class is used to maintain a set of Schemes HttpClient can choose from when trying to establish a connection by a request URI: + + {{{ + Scheme http = new Scheme("http", PlainSocketFactory.getSocketFactory(), 80); + + SSLSocketFactory sf = new SSLSocketFactory(SSLContext.getInstance("TLS")); + sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER); + Scheme https = new Scheme("https", sf, 443); + + SchemeRegistry sr = new SchemeRegistry(); + sr.register(http); + sr.register(https); + }}} == HttpClient proxy configuration == --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org