hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From DELHOSTE Fabrice <Fabrice.DELHO...@gemalto.com>
Subject RE: HttpCore NIO & SSL behind proxy
Date Mon, 19 Jul 2010 17:15:22 GMT
Thanks.

I've added the test for SSL session attribute to BasicManagedIOSession.getSession (not sure
if it can be done in upper calls at the moment). It works.

No problem for contributing. I'll do it once it works.

BR,
Fabrice

-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org] 
Sent: lundi 19 juillet 2010 17:29
To: HttpComponents Project
Subject: RE: HttpCore NIO & SSL behind proxy

On Mon, 2010-07-19 at 16:04 +0200, DELHOSTE Fabrice wrote:
> Thanks Oleg and Asankha.
> 
> So, as you known, in httpclientasync, I changed the dispatcher to SSL and after the first
request (or a while), it gets stuck not publishing the next request.
> 
> After analyzing and comparing HTTP vs HTTPS logs, actually, I may have found my mistake.
Changing to SSL dispatcher seems not enough; I must also set the SSL session to the OP_WRITE
event in addition to the regular session (in HttpExchangeImpl.requestCompleted):
> 
>   private synchronized void requestCompleted(final ManagedIOSession session) {
>     this.managedSession = session;
>     IOSession iosession = session.getSession();
>     iosession.setAttribute(InternalRequestExecutionHandler.HTTP_EXCHANGE, this);
>     iosession.setEvent(SelectionKey.OP_WRITE);
>     SSLIOSession sslsession = (SSLIOSession) iosession.getAttribute("SSL_SESSION");
>     if (sslsession != null) {
>       sslsession.setEvent(SelectionKey.OP_WRITE);
>     }
>   }
> 
> I guess that comes probably from the way SSLIOSession decorates the iosession.
> 

Fabrice,

The protocol code should always be using the SSL i/o session instead of
the underlying plain i/o session, when available. You may want to
consider tweaking BasicManagedIOSession class to return the instance of
the SSL i/o session in case of a secure route.

> Am I right? Is it the correct way to do it?
> 
> FYI, to achieve SSL as well as HTTP in httpclientasync, I actually made InternalClientEventDispatch
a composite of DefaultClientIOEventDispatch and SSLClientIOEventDispatch, forwarding to the
right one depending on the scheme of the target host.
> 

Please consider contributing it back to the project.

Cheers

Oleg

> Cheers,
> Fabrice
> 
> -----Original Message-----
> From: Asankha Perera [mailto:asankha.apache@gmail.com] On Behalf Of Asankha C. Perera
> Sent: vendredi 16 juillet 2010 21:57
> To: HttpComponents Project
> Subject: Re: HttpCore NIO & SSL behind proxy
> 
> Hi Fabrice
> > Two things you should try:
> > (1) reproducing the problem with a test case. HttpCore has a number of
> > test cases for non-blocking SSL and you could use those as a starting
> > point.
> > (2) reproducing the problem with I/O session event logging on. This
> > should help find out whether I/O interests are set correctly (write
> > events suspended by mistake). Logging is simply indispensable when
> > troubleshooting concurrency issues.
> >    
> You could also try the "-Djavax.net.debug=all" system property, which 
> may give you a hint if the cause is SSL specific
> 
> cheers
> asankha
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message