hc-httpclient-users mailing list archives

From Dhanushka Amarakoon <dhanushkaamarak...@iil.informatics.lk>
Subject RE: HTTPS Certification problem
Date Mon, 02 Jul 2007 06:22:44 GMT
Hi

I did what you suggested, but I am still unable to obtain the result that I
require.

Can anyone please tell me a way to dynamically change the truststore used.
It doesn't have to be something related to AuthSSLProtocolSocketFactory. Any
way to do it would be fine. 

I need to
1. Execute an HTTP GET command.
2. Check the truststore for any valid certificates.
3. If the truststore doesn't have the valid certificate, obtain it from the
end server and store it in the truststore.
4. Re-execute the HTTP GET command. Have to make sure that the truststore
used is the newly updated truststore.

I am able to do steps 1-3 successfully.
But I am not able to reexecute the HTTP command again successfully as it
still only obtains certificates from the old truststore not the new updated
one.

BTW
Thanks go out to Roland for helping me out.

Regards

Dhanushka Amrakoon


-----Original Message-----
From: Roland Weber [mailto:ossfwot@dubioso.net] 
Sent: Friday, June 29, 2007 10:49 PM
To: HttpClient User Discussion
Subject: Re: HTTPS Certification problem

Hello Dhanushka,

>     while (retry <= retryCount) {
> 
>       try {
> 
>         Protocol authhttps = new Protocol("https",
>                                           new AuthSSLProtocolSocketFactory(
>             new URL(
> "file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),

That is a really strange format for a URL. I would have used
file:///e:/Dhanushka/Connectors/AptiloConnector_new/my.keyStore
Anyway, if it works.

>             "112233",
>             new URL(
>  
> "file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),
>             "112233"), 443);
> //        httpclient.getHostConfiguration().setHost("localhost", 443, authhttps);
>         Protocol.registerProtocol("https", authhttps);

It is a rather bad idea to register the protocol in a loop.
And it may not work as expected, depending on how the
AuthSSLProtocolSocketFactory relates to SSL contexts.
I can't tell you details, because I don't know them.
But this _feels_ all wrong.
Use one single AuthSSLProtocolSocketFactory. Modify the
code of that factory so you can update the key store at
runtime. Test and debug until you are sure that the new
key store content is picked up at runtime.
Then verify that the initial key store is read from the
file referenced above. Afterwards, verify that updates
to the key store are written to that very file. And make
sure that the writing succeeds and is not prevented by
some spurious file locks because a file is not properly
closed or some such interference.

good luck,
  Roland


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
