Return-Path: 
 <httpclient-user-return-3494-apmail-jakarta-httpclient-user-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-httpclient-user-archive@www.apache.org
Received: (qmail 86070 invoked from network); 18 Jan 2007 14:16:27 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 18 Jan 2007 14:16:27 -0000
Received: (qmail 49779 invoked by uid 500); 18 Jan 2007 14:16:32 -0000
Delivered-To: apmail-jakarta-httpclient-user-archive@jakarta.apache.org
Received: (qmail 49764 invoked by uid 500); 18 Jan 2007 14:16:32 -0000
Mailing-List: contact httpclient-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:httpclient-user-help@jakarta.apache.org>
List-Unsubscribe: <mailto:httpclient-user-unsubscribe@jakarta.apache.org>
List-Post: <mailto:httpclient-user@jakarta.apache.org>
List-Id: "HttpClient User Discussion" <httpclient-user.jakarta.apache.org>
Reply-To: "HttpClient User Discussion" <httpclient-user@jakarta.apache.org>
Delivered-To: mailing list httpclient-user@jakarta.apache.org
Received: (qmail 49753 invoked by uid 99); 18 Jan 2007 14:16:32 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 Jan 2007 06:16:32 -0800
X-ASF-Spam-Status: No, hits=2.0 required=10.0
	tests=HTML_MESSAGE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (herse.apache.org: domain of juliusdavies@gmail.com
 designates 66.249.82.230 as permitted sender)
Received: from [66.249.82.230] (HELO wx-out-0506.google.com) (66.249.82.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 Jan 2007 06:16:23 -0800
Received: by wx-out-0506.google.com with SMTP id h31so206050wxd
        for <httpclient-user@jakarta.apache.org>;
 Thu, 18 Jan 2007 06:16:02 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=c4Azi4ljhXNOqdsFW50bpOAD8uVPP53Ot+FvW1gB95VjEMWW3KOigkJcCM52NTO7BQpIkgG/63gsDcl0kX9Uukyi3ZqaX0XwJCyW8Y6/nGmDSIM308Hw+C1pzUcc2IqkOL/B1fNT53lwpgQhKVKqtIp438NhEIYv7H2t/l9SDgc=
Received: by 10.90.50.1 with SMTP id x1mr1261047agx.1169129762479;
        Thu, 18 Jan 2007 06:16:02 -0800 (PST)
Received: by 10.90.67.9 with HTTP; Thu, 18 Jan 2007 06:16:02 -0800 (PST)
Message-ID: <598ad5b50701180616w6047fa9dh1295b38177b3da23@mail.gmail.com>
Date: Thu, 18 Jan 2007 06:16:02 -0800
From: "Julius Davies" <juliusdavies@gmail.com>
To: "HttpClient User Discussion" <httpclient-user@jakarta.apache.org>
Subject: Re: HTTPS connections over a proxy
In-Reply-To: <3975e2d10701180545k5923d3bdp5669d6d5459065b@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_109825_241689.1169129762333"
References: <3975e2d10701180545k5923d3bdp5669d6d5459065b@mail.gmail.com>
X-Virus-Checked: Checked by ClamAV on apache.org

------=_Part_109825_241689.1169129762333
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi, Lasse,

With HttpClient you have to specify your proxy settings directly.
HttpClient doesn't automatically pickup the JVM-wide proxy settings.  Take a
look at this page on the wiki:

http://wiki.apache.org/jakarta-httpclient/FrequentlyAskedApplicationDesignQuestions#head-4808398f4e6d318df33672d886d1f27bd2845277

Meanwhile....

<soapbox>
Too many people are using EasySSLProtocolSocketFactory to just get things
working!  Try to not get into the habit!  You're seriously compromising most
of the benefits of SSL!  Please use
AuthSSLProtocolSocketFactory<http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup>(but
hand it a null keystore if you don't want to use client-certificates).
Or you can look into not-yet-commons-ssl:

http://juliusdavies.ca/commons-ssl/
http://juliusdavies.ca/commons-ssl/TrustExample.java.html

Use "java -jar not-yet-commons-ssl-0.0.5.jar" to acquire the self-signed
certificate directly from the server:
http://juliusdavies.ca/commons-ssl/utilities.html

The javadocs here are also useful, but I wouldn't bother using this class.
Personally I prefer "TrustExample.java.html".
http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/httpclient/contrib/ssl/TrustSSLProtocolSocketFactory.html
</soapbox>

ps.  The "Ping" utility can also work with proxies, so it can help you debug
SSL + Proxy situations.
java -jar not-yet-commons-ssl-0.0.5.jar


yours,

Julius


On 1/18/07, Lasse Koskela <lasse.koskela@gmail.com> wrote:
>
> Hi,
>
> I'm facing a problem with getting HttpClient to connect to a HTTPS URL
> through a proxy when using the EasySSLProtocolSocketFactory.
>
> For example, when I connect to "https://www.verisign.com" through a
> proxy with the out-of-the-box configuration, everything works fine.
> However, I need to connect to another server through the same proxy
> and that other server has a self-signed certificate (it's a test
> server).
>
> Originally I did the following:
>
>     ProtocolSocketFactory socketFactory = new
> EasySSLProtocolSocketFactory();
>     Protocol protocol = new Protocol("https", socketFactory, 443);
>     Protocol.registerProtocol(protocol.getScheme(), protocol);
>
> ...and everything worked--both against verisign.com and against the
> test server with a self-signed certificate. However, now they're both
> behind a HTTP proxy and the EasySSLProtocolSocketFactory doesn't seem
> to cut it anymore.
>
> What options do I have?
>
>
> Lasse
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>


-- 
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/

------=_Part_109825_241689.1169129762333--