hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HTTPCORE-396) PrivateKeyStrategy does not work with async (NIO) components
Date Wed, 18 Feb 2015 13:35:11 GMT

     [ https://issues.apache.org/jira/browse/HTTPCORE-396?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Oleg Kalnichevski resolved HTTPCORE-396.
       Resolution: Fixed
    Fix Version/s: 5.0-alpha1

It was my oversight on my part. Sorry for that. Unfortunately we can change PrivateKeyStrategy
in 4.x. I am also reluctant to make an HttpAsyncClient specific copy of SSLContext builder
and related interfaces. For 4.x in async mode the Socket parameter will have to be null (which
by the way is valid according to X509KeyManager javadocs). For 5.0 PrivateKeyStrategy has
been changed to take SSLParameters instead of Socket. 

Fixed in SVN trunk and 4.4.x branch. Please review / re-test with your application.


> PrivateKeyStrategy does not work with async (NIO) components
> ------------------------------------------------------------
>                 Key: HTTPCORE-396
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-396
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>    Affects Versions: 4.4
>            Reporter: Chris Kistner
>            Priority: Minor
>              Labels: SSLContext, SSLEngine, X509ExtendedKeyManager
>             Fix For: 4.4.1, 5.0-alpha1
>         Attachments: ApacheAsyncPrivateKeyStrategy.java, ApacheAsyncSSLContextBuilder.java
> I tried using httpclient-4.3.6's SSLContextBuilder to build a SSLContext, which I then
fed to my AsyncHttpClient connection pool. 
> It worked just fine for configuring the cipher suites, TLS/SSL protocols and trust stores,
however it did not work for the key managers.
> The reason being that it did not implement a key manager that extended X509ExtendedKeyManager.
> As far as I saw the differences between the X509ExtendedKeyManager abstract class and
X509KeyManager interface are:
> * X509ExtendedKeyManager (for async [and sync]) takes in SSLEngine as argument for its
chooseEngineClientAlias method
> * X509KeyManager (for sync only) takes in Socket as argument for its chooseServerAlias
> For the while being, I've copied and adjusted the SSLContextBuilder and PrivateKeyStrategy
classes to suite my needs for a KeyManager implementation when going async. See the attached
files for my copy.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message