hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Kistner (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCORE-396) PrivateKeyStrategy does not work with async (NIO) components
Date Wed, 18 Feb 2015 23:14:12 GMT

    [ https://issues.apache.org/jira/browse/HTTPCORE-396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14326711#comment-14326711

Chris Kistner commented on HTTPCORE-396:

Thank you Oleg!

Switching from httpcore 4.4 to the 4.4.1-SNAPSHOT version fixed the issue, or at least our
unit tests showed that the Async client then provided its client certificate.
The only downside to the current fix in the 4.4 branch is that users won't be able to get
any context from the SSL connection when it's an async client, but in our use case we do not
need it.

I quite like the way you fixed it in the trunk, where SSLParameters are used instead of the
Socket or SSLEngine.

> PrivateKeyStrategy does not work with async (NIO) components
> ------------------------------------------------------------
>                 Key: HTTPCORE-396
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-396
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>    Affects Versions: 4.4
>            Reporter: Chris Kistner
>            Priority: Minor
>              Labels: SSLContext, SSLEngine, X509ExtendedKeyManager
>             Fix For: 4.4.1, 5.0-alpha1
>         Attachments: ApacheAsyncPrivateKeyStrategy.java, ApacheAsyncSSLContextBuilder.java
> I tried using httpclient-4.3.6's SSLContextBuilder to build a SSLContext, which I then
fed to my AsyncHttpClient connection pool. 
> It worked just fine for configuring the cipher suites, TLS/SSL protocols and trust stores,
however it did not work for the key managers.
> The reason being that it did not implement a key manager that extended X509ExtendedKeyManager.
> As far as I saw the differences between the X509ExtendedKeyManager abstract class and
X509KeyManager interface are:
> * X509ExtendedKeyManager (for async [and sync]) takes in SSLEngine as argument for its
chooseEngineClientAlias method
> * X509KeyManager (for sync only) takes in Socket as argument for its chooseServerAlias
> For the while being, I've copied and adjusted the SSLContextBuilder and PrivateKeyStrategy
classes to suite my needs for a KeyManager implementation when going async. See the attached
files for my copy.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message