hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Access to "system" SSL socket factory.
Date Mon, 09 Apr 2012 19:55:22 GMT
On Wed, 2012-04-04 at 17:01 -0400, Mark Claassen wrote:
> We are still using HttpClient 4.01 and were considering upgrading to 4.1, but I see a
feature we were using is gone.  In 4.01, there
> was a DEFAULT_FACTORY which was the defined from HttpsURLConnection.getDefaultSSLSocketFactory();
> 
> This was very useful to us.  The reason for this was because our app is launched by Java
Webstart.  When using the default socket
> factory, we can benefit from Webstart handling the prompting for things like host name
verification.
> 
> More importantly, however, was webstart's ability to interface with the Window's keystore.
 We have a client that uses certificated
> based authentication for their SSL connections.  Using the default socket factory makes
everything just work.  The users would get
> prompted for a certificate and then they could activate it off their hardware devices.
 (Presumably, then, the SSL encryption is
> handled by the device.  I have no idea how I would do this without webstart.)
> 
> I guess I would like to know what is my best path to take to get this working.  Could
I just subclass it and then override the
> connectSocket() methods?  I noticed that the javax SSLSocketFactory has similar createSocket()
methods...
> 
> Thanks,
> Mark
> 

Hi Mark

I am sorry I could not respond sooner. Yes, indeed, I felt HttpClient
should not have had a direct dependency on HttpsURLConnection class.

You have two options: 
(1) create a custom SSL socket factory that makes use of
HttpsURLConnection#getDefaultSSLSocketFactory()

(2) Upgrade to 4.2 and use SSLSocketFactory#getSystemSocketFactory().
This method creates an instance of SSLSocketFactory class using standard
JSSE system properties similar to HttpsURLConnection

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message