Return-Path: Delivered-To: apmail-hc-httpclient-users-archive@www.apache.org Received: (qmail 14501 invoked from network); 7 May 2010 11:18:08 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 7 May 2010 11:18:08 -0000 Received: (qmail 8121 invoked by uid 500); 7 May 2010 11:18:07 -0000 Delivered-To: apmail-hc-httpclient-users-archive@hc.apache.org Received: (qmail 7920 invoked by uid 500); 7 May 2010 11:18:06 -0000 Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpClient User Discussion" Delivered-To: mailing list httpclient-users@hc.apache.org Received: (qmail 7912 invoked by uid 99); 7 May 2010 11:18:05 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 May 2010 11:18:05 +0000 X-ASF-Spam-Status: No, hits=0.6 required=10.0 tests=AWL,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [92.42.190.144] (HELO ok2cons2.nine.ch) (92.42.190.144) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 May 2010 11:17:57 +0000 Received: from [192.168.1.102] (178-83-227-183.dclient.hispeed.ch [178.83.227.183]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ok2cons2.nine.ch (Postfix) with ESMTPSA id 487B34BA2A0 for ; Fri, 7 May 2010 13:17:36 +0200 (CEST) Subject: Re: httpclient 4, ssl and client side certificates From: Oleg Kalnichevski To: HttpClient User Discussion In-Reply-To: <4BE38EE0.7000003@mnetgroup.com> References: <4BE38EE0.7000003@mnetgroup.com> Content-Type: text/plain; charset="UTF-8" Date: Fri, 07 May 2010 13:17:31 +0200 Message-ID: <1273231051.1638.8.camel@ubuntu> Mime-Version: 1.0 X-Mailer: Evolution 2.28.3 Content-Transfer-Encoding: 7bit On Fri, 2010-05-07 at 13:24 +0930, Luke Coe wrote: > Hi All, > > I am having trouble working out how I can get get HttpClient 4 to use > SSL in the way I need. > > I have X HTTPS servers that I send requests to. One requires a client > side certificate while the others have trusted certificates and > therefore require no client side certificate. I have no issue connecting > to the server requiring the client side certificate (its in my > keystore), however every time I try to connect to the servers with > trusted certificates, my client side certificate is offered by > HttpClient and therefore fails authentication. > > My question is this: is there a way for HttpClient to offer the client > side certificate only to the server requiring it and not to the others? > > Thanks in advance, > Luke Luke This is entirely out of HttpClient control. All aspects of SSL authentication can be controlled through the JSSE API. Besides, I always thought that SSL clients would present a certificate ONLY if challenged by the server. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org For additional commands, e-mail: httpclient-users-help@hc.apache.org