SocketFactory, SSL and proxies

> Hello,
>
> I'm using HttpClient-4 and I'm trying to proxy SSL connections over a
> special proxy.
> To do this I've created my own SocketFactory that is a copy of the
> SSLSocketFactory provided in the source.
>
> I've modified the function:
>
> Socket connectSocket(Socket sock,
>                      String host,
>                      int port,
>                      InetAddress localAddress,
>                      int localPort,
>                      HttpParams params)
>                      throws IOException,
>                             UnknownHostException,
>                             ConnectTimeoutException
>
> so that it creates a socket to my proxy and performs my handshake with
> it then creates new SSLSocket over the top of it. It then returns that
> new SSL socket.
>
> The docs say that this functions returns:
>     "the connected socket. The returned object may be different from
> the sock argument if this factory supports a layered protocol. "
> and so I didn't think there would be any issue. HttpClient, however,
> appears to use the old sock argument socket and not the returned one.
>
> A quick peek at the source showed:
> In org.apache.http.impl.conn.DefaultClientConnectionOperator:
>
> 117         final SocketFactory sf = schm.getSocketFactory();
> 118
> 119         Socket sock = sf.createSocket();
> 120         conn.opening(sock, target);
> 121
> 122         try {
> 123             sock = sf.connectSocket(sock, target.getHostName(),
> 124                     schm.resolvePort(target.getPort()),
> 125                     local, 0, params);
> 126         } catch (ConnectException ex) {
> 127             throw new HttpHostConnectException(target, ex);
> 128         }
> 129         prepareSocket(sock, context, params);
> 130         conn.openCompleted(sf.isSecure(sock), params);
>
> I would expect conn to be notified of the new value of sock returned
> by sf.connectSocket(...);
>
> Am I misunderstanding SocketFactories?
>

> On Wed, Sep 09, 2009 at 01:32:11PM +0100, Connell Gauld wrote:
>> Hello,
>>
>> I'm using HttpClient-4 and I'm trying to proxy SSL connections over a
>> special proxy.
>> To do this I've created my own SocketFactory that is a copy of the
>> SSLSocketFactory provided in the source.
>>
>> I've modified the function:
>>
>> Socket connectSocket(Socket sock,
>>                      String host,
>>                      int port,
>>                      InetAddress localAddress,
>>                      int localPort,
>>                      HttpParams params)
>>                      throws IOException,
>>                             UnknownHostException,
>>                             ConnectTimeoutException
>>
>> so that it creates a socket to my proxy and performs my handshake with
>> it then creates new SSLSocket over the top of it. It then returns that
>> new SSL socket.
>>
>> The docs say that this functions returns:
>>     "the connected socket. The returned object may be different from
>> the sock argument if this factory supports a layered protocol. "
>> and so I didn't think there would be any issue. HttpClient, however,
>> appears to use the old sock argument socket and not the returned one.
>>
>> A quick peek at the source showed:
>> In org.apache.http.impl.conn.DefaultClientConnectionOperator:
>>
>> 117         final SocketFactory sf = schm.getSocketFactory();
>> 118
>> 119         Socket sock = sf.createSocket();
>> 120         conn.opening(sock, target);
>> 121
>> 122         try {
>> 123             sock = sf.connectSocket(sock, target.getHostName(),
>> 124                     schm.resolvePort(target.getPort()),
>> 125                     local, 0, params);
>> 126         } catch (ConnectException ex) {
>> 127             throw new HttpHostConnectException(target, ex);
>> 128         }
>> 129         prepareSocket(sock, context, params);
>> 130         conn.openCompleted(sf.isSecure(sock), params);
>>
>> I would expect conn to be notified of the new value of sock returned
>> by sf.connectSocket(...);
>>
>> Am I misunderstanding SocketFactories?
>>
>
> Connell,
>
> Connection management API has been designed by a developer who has left the
> project a while ago. I personally do not always understand all its intricacies
> and to me it feels quite over-designed. I would have thought on should be
> expected to use OperatedClientConnection#update when implementing proxied
> connections.
>
> Anyhow, I do see there can be a problem if SocketFactory#connectSocket returns
> a different Socket instance than the one passed in as a parameter. Please open
> a JIRA for this issue.
>
> https://issues.apache.org/jira/browse/HTTPCLIENT
>
> Oleg

>
>> Thanks,
>> Connell
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@...
>> For additional commands, e-mail: httpclient-users-help@...
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@...
> For additional commands, e-mail: httpclient-users-help@...
>
>