hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1454) Allow use of multiple SSLContexts with single instance of HttpClient
Date Thu, 30 Jan 2014 11:56:09 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13886514#comment-13886514

Oleg Kalnichevski commented on HTTPCLIENT-1454:

> What is the timeframe for 4.4 GA release?
I would expect 4.4a1 to be released by March. I would not like to commit to any deadlines
beyond that. 

This particular issue can be easily resolved by a custom ConnectionSocketFactory implementation
(which is a recommended approach for all non-trivial applications anyway). Therefore I see
no sense in rushing the fix.

> A pull request that implements this change

Changes in the pool request look all right to me. No need to keep HttpClientConnectionOperator.
This class is package private and can simply be removed.


> Allow use of multiple SSLContexts with single instance of HttpClient
> --------------------------------------------------------------------
>                 Key: HTTPCLIENT-1454
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1454
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpConn
>            Reporter: Cservenak, Tamas
>             Fix For: 4.4 Alpha1
> Goal: using differently set up SSLContexts for same (shared) HttpClient instance, that
should be used by some set of (application specific) conditions. Currently (and even before
4.3, this stands for 4.2 and older clients too), only one ConnectionSocketFactory (or it's
older equivalent) might be used for connection manager. In some applications this might be
not enough, as while sharing httpClient is desired, it's not possible to have an instance
being set up using multiple SSLContexts (contexts being set up in vastly different ways, like
one allowing self signed certs. one using it's own controlled trust material, and one using
default JVM trust material for example).
> The new PoolingHttpClientConnectionManager (introduced in 4.3) should be improved to
allow this kind of "selection" without mangling the schema of the accessed URIs (like using
"https-weak://host/foo" and registering proper ConnectionSocketFactory for given schema).
> Before, this was possible as HttpClientConnectionOperator was exposed, but not anymore
in 4.3.x.
> Frankly, the HttpClientConnectionOperator solution seemed "cleaner" to me, but a possible
solution might be drafted in PR below:
> https://github.com/apache/httpclient/pull/9

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message