hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Furmaniak Christophe" <Christophe.Furman...@atosorigin.com>
Subject RE: Hostname verification
Date Fri, 14 Dec 2007 13:31:00 GMT
I don't really understand where is your problem.

In the AuthSSLProtocolSocketFactory   you have (for one of the createSocket methods):

public Socket createSocket(String host, int port) throws IOException, UnknownHostException
{
       return getSSLContext().getSocketFactory().createSocket(
            host,
            port
        );
 }


change it like this:

public Socket createSocket(String host, int port) throws IOException, UnknownHostException
{
	SSLSocket sslSocket = (SSLSocket) getSSLContext().getSocketFactory()
				.createSocket(host, port);
	verifyHostname(sslSocket);
	return sslSocket;
}

do that for each createSocket methods and use the verifyHostname(..) and getCN(..) methods
provided in the StrictSSLProtocolSocketFactory (and do what's needed to set the class member
verifyHostname used in verifyHostname)


christophe

 

 

> -----Message d'origine-----
> De : Massimiliano Masi [mailto:massimiliano.masi@math.unifi.it] 
> Envoyé : vendredi 14 décembre 2007 11:55
> À : httpclient-users@hc.apache.org
> Objet : RE: Hostname verification
> 
> Hi,
> 
> Quoting Furmaniak Christophe <Christophe.Furmaniak@atosorigin.com>:
> 
> >
> > You can easily mix both.
> 
> Yes, this is my problem :-)
> 
> I don't know how to mix them. According to the "strict", I need these:
> 
> 		SSLSession session = socket.getSession();
> 		String hostname = session.getPeerHost();
> 
> but in the authsslprotocolsocketfactory I have a plain socket.
> I tried to get the session from the getSSLContext
> 
>              getSSLContext().getServerSessionContext().getIds()
> 
> and then looping to the ids, but I did not get any Ids...
> 
> Thank you,
> 
>       Massimiliano
> 
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> 
> 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message