hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Adrian.Fort...@BIT.admin.ch>
Subject Upgrading commons-httpclient-3.x to HttpClient4.x
Date Wed, 13 Feb 2013 10:12:02 GMT

Hi everyone

We are upgrading our commons-httpclient-3.0-rc4.jar to HttpClient4.2 in our Apps which are
deployed on Websphere V7.

We have a problem getting the right SSL-Configuration from the Websphere and I found out,
that this is because of new way the SSLSocketFactory is being created in the HttpClient4.X

In the old commons-httpclient-3.x we get the socketfactory in ReflectionSocketFactory.createSocket()
(Oleg you did it :-))
like this: javax.net.ssl.SSLSocketFactory.getDefault()

This way we get in Websphere the right SSLSocketFactory: com.ibm.websphere.ssl.protocol.SSLSocketFactory
(which is the default in java.security and uses WAS truststore and not java cacerts).


With the new HttpClient4.2 this has changed, we get socketfactory from org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory()
which return in Websphere another SSLSocketFactory (com.ibm.jsse2.SSLSocketFactoryImpl)


I can workaround this in HttpClient4.X if I use the old way of getting the socketFactory:

            javax.net.ssl.SSLSocketFactory wasSslFactory=(javax.net.ssl.SSLSocketFactory)
javax.net.ssl.SSLSocketFactory.getDefault();
            org.apache.http.conn.ssl.SSLSocketFactory socketFactory =
                                   new org.apache.http.conn.ssl.SSLSocketFactory(wasSslFactory,
org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            org.apache.http.conn.scheme.Scheme sch = new org.apache.http.conn.scheme.Scheme("https",
443, socketFactory);
            SchemeRegistry schemeRegistry = new SchemeRegistry();
            schemeRegistry.register(sch);

but I don't understand why the way getting socketFactory in HttpClient4.X has changed, are
there any reasons?

Oleg, can you explain this please?

Thank you
Adrian

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message