« Return to Thread: Access to "system" SSL socket factory.
RE: Access to "system" SSL socket factory.
by Mark Claassen-2
::
Rate this Message:
Thanks for the reply. I think that addresses my questions. I will check out the 4.2 source code and see if that is what I had in mind.
Mark
-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@...]
Sent: Monday, April 09, 2012 3:55 PM
To: HttpClient User Discussion
Subject: Re: Access to "system" SSL socket factory.
On Wed, 2012-04-04 at 17:01 -0400, Mark Claassen wrote:
> We are still using HttpClient 4.01 and were considering upgrading to
> 4.1, but I see a feature we were using is gone. In 4.01, there was a
> DEFAULT_FACTORY which was the defined from
> HttpsURLConnection.getDefaultSSLSocketFactory();
>
> This was very useful to us. The reason for this was because our app
> is launched by Java Webstart. When using the default socket factory, we can benefit from Webstart handling the prompting for things like host name verification.
>
> More importantly, however, was webstart's ability to interface with
> the Window's keystore. We have a client that uses certificated based
> authentication for their SSL connections. Using the default socket
> factory makes everything just work. The users would get prompted for
> a certificate and then they could activate it off their hardware
> devices. (Presumably, then, the SSL encryption is handled by the
> device. I have no idea how I would do this without webstart.)
>
> I guess I would like to know what is my best path to take to get this
> working. Could I just subclass it and then override the
> connectSocket() methods? I noticed that the javax SSLSocketFactory has similar createSocket() methods...
>
> Thanks,
> Mark
>
Hi Mark
I am sorry I could not respond sooner. Yes, indeed, I felt HttpClient should not have had a direct dependency on HttpsURLConnection class.
You have two options:
(1) create a custom SSL socket factory that makes use of
HttpsURLConnection#getDefaultSSLSocketFactory()
(2) Upgrade to 4.2 and use SSLSocketFactory#getSystemSocketFactory().
This method creates an instance of SSLSocketFactory class using standard JSSE system properties similar to HttpsURLConnection
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@...
For additional commands, e-mail: httpclient-users-help@...
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@...
For additional commands, e-mail: httpclient-users-help@...
Mark
-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@...]
Sent: Monday, April 09, 2012 3:55 PM
To: HttpClient User Discussion
Subject: Re: Access to "system" SSL socket factory.
On Wed, 2012-04-04 at 17:01 -0400, Mark Claassen wrote:
> We are still using HttpClient 4.01 and were considering upgrading to
> 4.1, but I see a feature we were using is gone. In 4.01, there was a
> DEFAULT_FACTORY which was the defined from
> HttpsURLConnection.getDefaultSSLSocketFactory();
>
> This was very useful to us. The reason for this was because our app
> is launched by Java Webstart. When using the default socket factory, we can benefit from Webstart handling the prompting for things like host name verification.
>
> More importantly, however, was webstart's ability to interface with
> the Window's keystore. We have a client that uses certificated based
> authentication for their SSL connections. Using the default socket
> factory makes everything just work. The users would get prompted for
> a certificate and then they could activate it off their hardware
> devices. (Presumably, then, the SSL encryption is handled by the
> device. I have no idea how I would do this without webstart.)
>
> I guess I would like to know what is my best path to take to get this
> working. Could I just subclass it and then override the
> connectSocket() methods? I noticed that the javax SSLSocketFactory has similar createSocket() methods...
>
> Thanks,
> Mark
>
Hi Mark
I am sorry I could not respond sooner. Yes, indeed, I felt HttpClient should not have had a direct dependency on HttpsURLConnection class.
You have two options:
(1) create a custom SSL socket factory that makes use of
HttpsURLConnection#getDefaultSSLSocketFactory()
(2) Upgrade to 4.2 and use SSLSocketFactory#getSystemSocketFactory().
This method creates an instance of SSLSocketFactory class using standard JSSE system properties similar to HttpsURLConnection
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@...
For additional commands, e-mail: httpclient-users-help@...
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@...
For additional commands, e-mail: httpclient-users-help@...
« Return to Thread: Access to "system" SSL socket factory.
| Free embeddable forum powered by Nabble | Forum Help |
