Return-Path: Delivered-To: apmail-hc-httpclient-users-archive@www.apache.org Received: (qmail 7511 invoked from network); 11 Feb 2009 19:02:25 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 11 Feb 2009 19:02:25 -0000 Received: (qmail 35298 invoked by uid 500); 11 Feb 2009 19:02:24 -0000 Delivered-To: apmail-hc-httpclient-users-archive@hc.apache.org Received: (qmail 35213 invoked by uid 500); 11 Feb 2009 19:02:24 -0000 Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpClient User Discussion" Delivered-To: mailing list httpclient-users@hc.apache.org Received: (qmail 35202 invoked by uid 99); 11 Feb 2009 19:02:24 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Feb 2009 11:02:24 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [85.13.136.190] (HELO dd15512.kasserver.com) (85.13.136.190) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Feb 2009 19:02:14 +0000 Received: from michael-baierls-computer-2.local (chello084114009253.5.14.vie.surfer.at [84.114.9.253]) by dd15512.kasserver.com (Postfix) with ESMTP id 94A7C1833074E for ; Wed, 11 Feb 2009 20:01:53 +0100 (CET) Message-ID: <499320A2.6090906@mbaierl.com> Date: Wed, 11 Feb 2009 20:01:54 +0100 From: Michael Baierl User-Agent: Thunderbird 2.0.0.19 (Macintosh/20081209) MIME-Version: 1.0 To: HttpClient User Discussion Subject: Re: Simple code through proxy not working References: <4992DC2F.2050805@mbaierl.com> <4993051B.10809@apache.org> In-Reply-To: <4993051B.10809@apache.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Hi Oleg! Oleg Kalnichevski wrote: > Michael Baierl wrote: >> Hi there, >> >> I have some pretty simple code that is not working through a proxy. >> >> What I have: >> -) an open proxy which does not require authentication >> -) the proxy listens on port 80 >> -) I verified using curl that everything works as expected >> >> What I want to do: >> -) request http://somewhere/ through the proxy >> -) request https://somewhere/ through the proxy >> >> I did some packet sniffing and to me it seems that HttpClient 3 is not >> going to do a CONNECT first. >> >> What I would expect: >> -) On the request to http://somewhere/ >> 1) connect to the proxy on the given port (80) >> 2) use CONNECT somewhere:80 >> 3) do a GET request >> 4) done > > Your expectation is wrong. HttpClient does not have to do that. Plain > HTTP requests send via standard (caching) proxies are only required to > contain an absolute request URI. > > http://www.faqs.org/rfcs/rfc2616.html > > --- > 5.1.2 Request-URI > > ... > > The absoluteURI form is REQUIRED when the request is being made to a > proxy. The proxy is requested to forward the request or service it > from a valid cache, and return the response. Note that the proxy MAY > forward the request on to another proxy or directly to the server > > --- Fair enough and works fine that way as well. What does not work is the second case: > > >> -) On the request to https://somewhere/ (SSL!) >> 1) connect to the proxy on the given port (80) >> 2) use CONNECT somewhere:443 >> 3) build up the SSL connection >> 4) do a GET request >> 5) done >> > > Are you using a custom SSL socket factory by any chance? Are you sure it > is implemented correctly? As you can see below I use the standard supplied EasySSLProtocolSocketFactory. Where I see the issue is the fact that the connection between HttpClient and the proxy is unencrypted (the "CONNECT www.somewhere.com:443" is in plain text) and then an SSL encrypted connection to the target server has to be made. >> Packet sniffing has shown me that this is not the case, HttpClient >> just fails and does not connect using the CONNECT function... Further tests have shown me that just adding a proxy like below httpclient.getHostConfiguration().setProxy("10.10.1.10", 80); does not use SSL between HttpClient and the target server. >> >> Any ideas? >> >> >> **************************************************** >> HttpClient httpclient = null; >> MultiThreadedHttpConnectionManager connectionManager = null; >> >> if(connectionManager == null) >> connectionManager = new MultiThreadedHttpConnectionManager(); >> >> connectionManager.getParams().setDefaultMaxConnectionsPerHost(4); >> connectionManager.getParams().setMaxTotalConnections(20); >> connectionManager.getParams().setConnectionTimeout(5000); >> >> if(httpclient == null) >> { >> httpclient = new HttpClient(connectionManager); >> httpclient.getParams() >> .setParameter(HttpClientParams.USER_AGENT, >> "MyUserAgent/0.0.0"); >> httpclient.getParams() >> .setParameter(HttpClientParams.HTTP_CONTENT_CHARSET, >> "UTF-8"); >> // register an SSL protocol factory >> Protocol.registerProtocol("https", >> new Protocol("https", >> new EasySSLProtocolSocketFactory(), 443)); } >> >> // set my proxy >> httpclient.getHostConfiguration().setProxy("10.10.1.10", 80); >> >> HttpMethod method = null; >> method = new GetMethod(url); >> method.setFollowRedirects(false); >> method.setDoAuthentication(false); >> method.getParams().setParameter(HttpMethodParams.RETRY_HANDLER, new >> DefaultHttpMethodRetryHandler(1, true)); >> try >> { >> int status = httpclient.executeMethod(method); >> String content = method.getResponseBodyAsString(); >> // do something >> } >> catch(Exception ex) >> { >> method.abort(); >> } >> finally >> { >> method.releaseConnection(); >> } >> >> >> **************************************************** >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org For additional commands, e-mail: httpclient-users-help@hc.apache.org