hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julius Davies" <juliusdav...@gmail.com>
Subject Re: HTTPS connections over a proxy
Date Thu, 18 Jan 2007 14:16:02 GMT
Hi, Lasse,

With HttpClient you have to specify your proxy settings directly.
HttpClient doesn't automatically pickup the JVM-wide proxy settings.  Take a
look at this page on the wiki:

http://wiki.apache.org/jakarta-httpclient/FrequentlyAskedApplicationDesignQuestions#head-4808398f4e6d318df33672d886d1f27bd2845277

Meanwhile....

<soapbox>
Too many people are using EasySSLProtocolSocketFactory to just get things
working!  Try to not get into the habit!  You're seriously compromising most
of the benefits of SSL!  Please use
AuthSSLProtocolSocketFactory<http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup>(but
hand it a null keystore if you don't want to use client-certificates).
Or you can look into not-yet-commons-ssl:

http://juliusdavies.ca/commons-ssl/
http://juliusdavies.ca/commons-ssl/TrustExample.java.html

Use "java -jar not-yet-commons-ssl-0.0.5.jar" to acquire the self-signed
certificate directly from the server:
http://juliusdavies.ca/commons-ssl/utilities.html

The javadocs here are also useful, but I wouldn't bother using this class.
Personally I prefer "TrustExample.java.html".
http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.html
</soapbox>

ps.  The "Ping" utility can also work with proxies, so it can help you debug
SSL + Proxy situations.
java -jar not-yet-commons-ssl-0.0.5.jar


yours,

Julius


On 1/18/07, Lasse Koskela <lasse.koskela@gmail.com> wrote:
>
> Hi,
>
> I'm facing a problem with getting HttpClient to connect to a HTTPS URL
> through a proxy when using the EasySSLProtocolSocketFactory.
>
> For example, when I connect to "https://www.verisign.com" through a
> proxy with the out-of-the-box configuration, everything works fine.
> However, I need to connect to another server through the same proxy
> and that other server has a self-signed certificate (it's a test
> server).
>
> Originally I did the following:
>
>     ProtocolSocketFactory socketFactory = new
> EasySSLProtocolSocketFactory();
>     Protocol protocol = new Protocol("https", socketFactory, 443);
>     Protocol.registerProtocol(protocol.getScheme(), protocol);
>
> ...and everything worked--both against verisign.com and against the
> test server with a self-signed certificate. However, now they're both
> behind a HTTP proxy and the EasySSLProtocolSocketFactory doesn't seem
> to cut it anymore.
>
> What options do I have?
>
>
> Lasse
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>


-- 
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message