hc-httpclient-users mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Upgrading commons-httpclient-3.x to HttpClient4.x
Date Thu, 14 Feb 2013 14:34:34 GMT
On Wed, 2013-02-13 at 10:12 +0000, Adrian.Fortuzi@BIT.admin.ch wrote:
> Hi everyone
> 
> We are upgrading our commons-httpclient-3.0-rc4.jar to HttpClient4.2 in our Apps which are deployed on Websphere V7.
> 
> We have a problem getting the right SSL-Configuration from the Websphere and I found out
> that this is because of the new way the SSLSocketFactory is being created in the HttpClient4.X
> 
> In the old commons-httpclient-3.x we get the socketfactory in ReflectionSocketFactory.createSocket() (Oleg you did it :-))
> like this: javax.net.ssl.SSLSocketFactory.getDefault()
> 
> This way we get in Websphere the right SSLSocketFactory: com.ibm.websphere.ssl.protocol.SSLSocketFactory
> (which is the default in java.security and uses WAS truststore and not java cacerts).
> 
> 
> With the new HttpClient4.2 this has changed, we get the socketfactory from org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory()
> which returns in Websphere another SSLSocketFactory (com.ibm.jsse2.SSLSocketFactoryImpl)
> 
> 
> I can workaround this in HttpClient4.X if I use the old way of getting the socketFactory:
> 
>     javax.net.ssl.SSLSocketFactory wasSslFactory =
>             (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
>     org.apache.http.conn.ssl.SSLSocketFactory socketFactory =
>             new org.apache.http.conn.ssl.SSLSocketFactory(wasSslFactory,
>                     org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
>     org.apache.http.conn.scheme.Scheme sch =
>             new org.apache.http.conn.scheme.Scheme("https", 443, socketFactory);
>     SchemeRegistry schemeRegistry = new SchemeRegistry();
>     schemeRegistry.register(sch);
> 
> but I don't understand why the way of getting the socketFactory in HttpClient4.X has changed, are there any reasons?
> 
> Oleg, can you explain this please?
> 
> Thank you
> Adrian

Adrian,

While in the WAS context javax.net.ssl.SSLSocketFactory#getDefault()
might be the right thing to do, generally applications are expected to
explicitly configure the SSL context they should be operating with.

What you have is not a workaround but rather a correct (and recommended)
approach to setting up SSL security with HttpClient.

What I could do, though, is to make HttpClient use
javax.net.ssl.SSLSocketFactory#getDefault() by default in the 4.3
branch.

Hope this helps

Oleg

