RE: Access to "system" SSL socket factory.

> I have had some success wrapping the socket factory in HTTP Client (v4.1.3) and getting that to work. :) However, I have a few
> questions:
>
> First, how do you feel about having a constructor that would set the final variables directly:
> - javax.net.ssl.SSLSocketFactory
> - HostNameResolver
> - X509HostnameVerifier
> Having this would have made what I needed to do very straight-forward and simple since I could have just passed in the socket
> factory I wanted to use.
>

> Second, in this class there is a Socket created not through the SocketFactory in one place, and I was wondering why.  Here is what
> it looks like in org.apache.http.conn.ssl.SSLSocketFactory
>
>     public Socket connectSocket(
>             final Socket socket,
>             final InetSocketAddress remoteAddress,
>             final InetSocketAddress localAddress,
>             final HttpParams params) throws IOException, UnknownHostException, ConnectTimeoutException {
>         if (remoteAddress == null) {
>             throw new IllegalArgumentException("Remote address may not be null");
>         }
>         if (params == null) {
>             throw new IllegalArgumentException("HTTP parameters may not be null");
>         }
> >>>>    Socket sock = socket != null ? socket : new Socket(); <<<<
>
> Shouldn't this be
>         Socket sock = socket != null ? socket : socketfactory.createSocket();
>

> Later in the code, it then checks the Socket type, and since it will not be an SSL socket, it will then call:
>         this.socketfactory.createSocket(sock, hostname, port, true);
>
> This seemed an odd pattern to me.  I can see a potential reason for it, but wasn't sure about it and was not sure if this would be a
> possible point of failure in my situation.
>
> Thanks,
> Mark
>
> -----Original Message-----
> From: Mark Claassen [mailto:mac01@...]
> Sent: Wednesday, April 04, 2012 5:01 PM
> To: httpclient-users@...
> Subject: Access to "system" SSL socket factory.
>
> We are still using HttpClient 4.01 and were considering upgrading to 4.1, but I see a feature we were using is gone.  In 4.01, there
> was a DEFAULT_FACTORY which was the defined from HttpsURLConnection.getDefaultSSLSocketFactory();
>
> This was very useful to us.  The reason for this was because our app is launched by Java Webstart.  When using the default socket
> factory, we can benefit from Webstart handling the prompting for things like host name verification.
>
> More importantly, however, was webstart's ability to interface with the Window's keystore.  We have a client that uses certificated
> based authentication for their SSL connections.  Using the default socket factory makes everything just work.  The users would get
> prompted for a certificate and then they could activate it off their hardware devices.  (Presumably, then, the SSL encryption is
> handled by the device.  I have no idea how I would do this without webstart.)
>
> I guess I would like to know what is my best path to take to get this working.  Could I just subclass it and then override the
> connectSocket() methods?  I noticed that the javax SSLSocketFactory has similar createSocket() methods...
>
> Thanks,
> Mark
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@...
> For additional commands, e-mail: httpclient-users-help@...
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@...
> For additional commands, e-mail: httpclient-users-help@...
>