hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julius Davies" <juliusdav...@gmail.com>
Subject Re: HTTPS connections over a proxy
Date Thu, 18 Jan 2007 14:16:02 GMT
Hi, Lasse,

With HttpClient you have to specify your proxy settings directly.
HttpClient doesn't automatically pickup the JVM-wide proxy settings.  Take a
look at this page on the wiki:



Too many people are using EasySSLProtocolSocketFactory to just get things
working!  Try to not get into the habit!  You're seriously compromising most
of the benefits of SSL!  Please use
hand it a null keystore if you don't want to use client-certificates).
Or you can look into not-yet-commons-ssl:


Use "java -jar not-yet-commons-ssl-0.0.5.jar" to acquire the self-signed
certificate directly from the server:

The javadocs here are also useful, but I wouldn't bother using this class.
Personally I prefer "TrustExample.java.html".

ps.  The "Ping" utility can also work with proxies, so it can help you debug
SSL + Proxy situations.
java -jar not-yet-commons-ssl-0.0.5.jar



On 1/18/07, Lasse Koskela <lasse.koskela@gmail.com> wrote:
> Hi,
> I'm facing a problem with getting HttpClient to connect to a HTTPS URL
> through a proxy when using the EasySSLProtocolSocketFactory.
> For example, when I connect to "https://www.verisign.com" through a
> proxy with the out-of-the-box configuration, everything works fine.
> However, I need to connect to another server through the same proxy
> and that other server has a self-signed certificate (it's a test
> server).
> Originally I did the following:
>     ProtocolSocketFactory socketFactory = new
> EasySSLProtocolSocketFactory();
>     Protocol protocol = new Protocol("https", socketFactory, 443);
>     Protocol.registerProtocol(protocol.getScheme(), protocol);
> ...and everything worked--both against verisign.com and against the
> test server with a self-signed certificate. However, now they're both
> behind a HTTP proxy and the EasySSLProtocolSocketFactory doesn't seem
> to cut it anymore.
> What options do I have?
> Lasse
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Julius Davies

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message