hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pete Keyes <PKe...@starbucks.com>
Subject Re: hc-4.3.6: AllowAllVerifier not used
Date Wed, 17 Dec 2014 19:28:34 GMT
Thank you Oleg - very interesting.  The only information that I see in the
JavaDoc is:
	When a particular component is not explicitly this class will use its
default
	implementation. System properties will be taken into account when
configuring
	the default implementations when useSystemProperties() method is called
prior
	to calling build().

When I read that it would imply that anything not "customized" will
fallback to the same value as provided by HttpClients.createDefault().
Obviously, I was dead flat wrong in how I interpreted the documentation.

 Which of the following also lose their default behavior after going down
the custom path?
	setConnectionBackoffStrategy(ConnectionBackoffStrategy
connectionBackoffStrategy)
	setConnectionReuseStrategy(ConnectionReuseStrategy reuseStrategy)
	setDefaultAuthSchemeRegistry(Lookup<AuthSchemeProvider>
authSchemeRegistry)
	setDefaultConnectionConfig(ConnectionConfig config)
	setDefaultCookieSpecRegistry(Lookup<CookieSpecProvider>
cookieSpecRegistry)
	setDefaultCookieStore(CookieStore cookieStore)
	setDefaultHeaders(Collection<? extends Header> defaultHeaders)
	setDefaultSocketConfig(SocketConfig config)
	setHttpProcessor(HttpProcessor httpprocessor)
	setKeepAliveStrategy(ConnectionKeepAliveStrategy keepAliveStrategy)
	setProxy(HttpHost proxy)
	setProxyAuthenticationStrategy(AuthenticationStrategy proxyAuthStrategy)
	setRedirectStrategy(RedirectStrategy redirectStrategy)
	setRequestExecutor(HttpRequestExecutor requestExec)
	setRetryHandler(HttpRequestRetryHandler retryHandler)
	setRoutePlanner(HttpRoutePlanner routePlanner)
	setSchemePortResolver(SchemePortResolver schemePortResolver)
	setServiceUnavailableRetryStrategy(ServiceUnavailableRetryStrategy
serviceUnavailStrategy)
	setSSLSocketFactory(LayeredConnectionSocketFactory sslSocketFactory)
	setTargetAuthenticationStrategy(AuthenticationStrategy targetAuthStrategy)
	setUserAgent(String userAgent)
	setUserTokenHandler(UserTokenHandler userTokenHandler)




Just want to make sure all bases are covered in our system framework.

-- 
Pete Keyes

Starbucks Coffee Co.
w: 206.318.5933
m: 206.914.4134




On 12/17/14 1:02 AM, "Oleg Kalnichevski" <olegk@apache.org> wrote:

>On Tue, 2014-12-16 at 18:08 +0000, Pete Keyes wrote:
>> Below is a unit test that attempts to use the
>>"SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER" option.  It
>>never works and the wire level debug indicates that HC is always using
>>"BrowserCompatHostnameVerifier" instead.  Can someone explain why or
>>where my code is incorrect?
>> 
>...
>
>Hi Pete
>
>You need to be careful when using a custom connection manager. When used
>it overrides all other custom connection management related settings.
>For details see HttpClientBuilder javadocs.
>
>---
>X509HostnameVerifier hostnameVerifier = new X509HostnameVerifier() {
>    @Override
>    public void verify(final String host, final SSLSocket ssl) throws
>IOException {
>        System.out.println("I am easy");
>    }
>    @Override
>    public void verify(final String host, final X509Certificate cert)
>throws SSLException {
>        System.out.println("I am easy");
>    }
>    @Override
>    public void verify(final String host, final String[] cns, final
>String[] subjectAlts) throws SSLException {
>        System.out.println("I am easy");
>    }
>    @Override
>    public boolean verify(final String s, final SSLSession sslSession) {
>        System.out.println("I am easy");
>        return true;
>    }
>};
>
>CloseableHttpClient client1 = HttpClients.custom()
>        .setHostnameVerifier(hostnameVerifier)
>        .build();
>CloseableHttpResponse response1 = client1.execute(new
>HttpGet("https://verisign.com/"));
>try {
>    System.out.println(response1.getStatusLine());
>} finally {
>    response1.close();
>}
>
>SSLConnectionSocketFactory sslSocketFactory = new
>SSLConnectionSocketFactory(
>        SSLContexts.createSystemDefault(), hostnameVerifier);
>Registry<ConnectionSocketFactory> registry =
>RegistryBuilder.<ConnectionSocketFactory>create()
>        .register("http", PlainConnectionSocketFactory.getSocketFactory())
>        .register("https", sslSocketFactory)
>        .build();
>BasicHttpClientConnectionManager cm = new
>BasicHttpClientConnectionManager(registry);
>CloseableHttpClient client2 = HttpClients.custom()
>        .setConnectionManager(cm)
>        .build();
>CloseableHttpResponse response2 = client2.execute(new
>HttpGet("https://verisign.com/"));
>try {
>    System.out.println(response2.getStatusLine());
>} finally {
>    response2.close();
>}
>---
>
>In both cases custom hostname verifier was called for me.
>
>Hope this helps
>
>Oleg
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>For additional commands, e-mail: httpclient-users-help@hc.apache.org
>

Mime
View raw message