« Return to Thread: Access to "system" SSL socket factory.
Re: Access to "system" SSL socket factory.
by olegk
::
Rate this Message:
On Wed, 2012-04-04 at 17:01 -0400, Mark Claassen wrote:
> We are still using HttpClient 4.01 and were considering upgrading to 4.1, but I see a feature we were using is gone. In 4.01, there
> was a DEFAULT_FACTORY which was the defined from HttpsURLConnection.getDefaultSSLSocketFactory();
>
> This was very useful to us. The reason for this was because our app is launched by Java Webstart. When using the default socket
> factory, we can benefit from Webstart handling the prompting for things like host name verification.
>
> More importantly, however, was webstart's ability to interface with the Window's keystore. We have a client that uses certificated
> based authentication for their SSL connections. Using the default socket factory makes everything just work. The users would get
> prompted for a certificate and then they could activate it off their hardware devices. (Presumably, then, the SSL encryption is
> handled by the device. I have no idea how I would do this without webstart.)
>
> I guess I would like to know what is my best path to take to get this working. Could I just subclass it and then override the
> connectSocket() methods? I noticed that the javax SSLSocketFactory has similar createSocket() methods...
>
> Thanks,
> Mark
>
Hi Mark
I am sorry I could not respond sooner. Yes, indeed, I felt HttpClient
should not have had a direct dependency on HttpsURLConnection class.
You have two options:
(1) create a custom SSL socket factory that makes use of
HttpsURLConnection#getDefaultSSLSocketFactory()
(2) Upgrade to 4.2 and use SSLSocketFactory#getSystemSocketFactory().
This method creates an instance of SSLSocketFactory class using standard
JSSE system properties similar to HttpsURLConnection
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@...
For additional commands, e-mail: httpclient-users-help@...
> We are still using HttpClient 4.01 and were considering upgrading to 4.1, but I see a feature we were using is gone. In 4.01, there
> was a DEFAULT_FACTORY which was the defined from HttpsURLConnection.getDefaultSSLSocketFactory();
>
> This was very useful to us. The reason for this was because our app is launched by Java Webstart. When using the default socket
> factory, we can benefit from Webstart handling the prompting for things like host name verification.
>
> More importantly, however, was webstart's ability to interface with the Window's keystore. We have a client that uses certificated
> based authentication for their SSL connections. Using the default socket factory makes everything just work. The users would get
> prompted for a certificate and then they could activate it off their hardware devices. (Presumably, then, the SSL encryption is
> handled by the device. I have no idea how I would do this without webstart.)
>
> I guess I would like to know what is my best path to take to get this working. Could I just subclass it and then override the
> connectSocket() methods? I noticed that the javax SSLSocketFactory has similar createSocket() methods...
>
> Thanks,
> Mark
>
Hi Mark
I am sorry I could not respond sooner. Yes, indeed, I felt HttpClient
should not have had a direct dependency on HttpsURLConnection class.
You have two options:
(1) create a custom SSL socket factory that makes use of
HttpsURLConnection#getDefaultSSLSocketFactory()
(2) Upgrade to 4.2 and use SSLSocketFactory#getSystemSocketFactory().
This method creates an instance of SSLSocketFactory class using standard
JSSE system properties similar to HttpsURLConnection
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@...
For additional commands, e-mail: httpclient-users-help@...
« Return to Thread: Access to "system" SSL socket factory.
| Free embeddable forum powered by Nabble | Forum Help |
