You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Philippe Mouawad <ph...@gmail.com> on 2015/12/21 18:52:19 UTC
About SNI support in HC4.5
Hello,
Looking at:
- https://issues.apache.org/jira/browse/HTTPCLIENT-1119
1/ It is not clear for me how the fix works if commit association is
correct:
- https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
Is the fix about replacing:
final SSLSocket sock = (SSLSocket) this.socketfactory.createSocket();
with :
SocketFactory.getDefault().createSocket();
2/ Is the fix only for Java 7 or does it work on Java 8?
3/ Also wondering, I see only SSLConnectionSocketFactory is concerned by
fix, so I suppose that SSLSocketFactory was not fixed ?
So I suppose that upgrading to HC4.5.1 from HC4.2.3 will not fix the issue
unless
SSLSocketFactory is used instead of
SSLConnectionSocketFactory
--
Cordialement.
Philippe Mouawad.
Re: About SNI support in HC4.5
Posted by Philippe Mouawad <ph...@gmail.com>.
Hello Oleg,
Thanks for answer.
Could you elaborate a bit more on your answer ?
Also, is there a chance that you fix the issue also in deprecated code of
httpclient (org.apache.http.conn.ssl.SSLSocketFactory) or is it too complex
?
Thanks
Regards
On Wed, Dec 23, 2015 at 2:39 PM, Oleg Kalnichevski <ol...@apache.org> wrote:
> On Wed, 2015-12-23 at 14:30 +0100, Philippe Mouawad wrote:
> > Hi,
> > Any answer on the 1/ question ?
> > Thanks
> > Regards
> >
> > On Tue, Dec 22, 2015 at 2:39 PM, Philippe Mouawad <
> > philippe.mouawad@gmail.com> wrote:
> >
> > > Hi,
> > > With further investigation, I answered to some of my questions.
> > >
> > > Regards
> > >
> > > On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
> > > philippe.mouawad@gmail.com> wrote:
> > >
> > >> Hello,
> > >> Looking at:
> > >>
> > >> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> > >>
> > >>
> > >> 1/ It is not clear for me how the fix works if commit association is
> > >> correct:
> > >>
> > >> -
> https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
> > >>
> > >> Is the fix about replacing:
> > >>
> > >> final SSLSocket sock = (SSLSocket) this.socketfactory.createSocket();
> > >>
> > >> with :
> > >> SocketFactory.getDefault().createSocket();
>
> Pretty much. Please note though that the use of a plain socket instead
> of a fully initialized SSL socket causes a different execution path in
> #connectSocket method.
>
> Oleg
>
>
>
>
--
Cordialement.
Philippe Mouawad.
Re: About SNI support in HC4.5
Posted by Philippe Mouawad <ph...@gmail.com>.
For info,
fix done in JMeter based on the first patch attached to Httpclient issue
that by reflection sets the host on the java socket.
Regards
On Wednesday, December 30, 2015, Philippe Mouawad <
philippe.mouawad@gmail.com> wrote:
> Ok, I understand , thanks Oleg.
> I was just thinking that if you had the fix in new layers, it would maybe
> be easy to fix it in deprecated ones. But I agree it might be loss of time
> on your side.
>
> On our side, as migration to 4.5.2 is not that easy and will surely take
> time, it would have been helpful.
>
> Regards
> Philippe
>
> On Wed, Dec 30, 2015 at 10:43 AM, Oleg Kalnichevski <olegk@apache.org
> <javascript:_e(%7B%7D,'cvml','olegk@apache.org');>> wrote:
>
>> On Tue, 2015-12-29 at 09:22 +0100, Philippe Mouawad wrote:
>> > Hello Oleg,
>> > Thanks for answer.
>> > Could you elaborate a bit more on your answer ?
>> >
>> > Also, is there a chance that you fix the issue also in deprecated code
>> of
>> > httpclient (org.apache.http.conn.ssl.SSLSocketFactory) or is it too
>> complex
>> > ?
>> >
>>
>> I personally see no point in fixing non-critical bugs in deprecated
>> code. This time can be better spent elsewhere. However I can commit a
>> fix though if contributed.
>>
>> Oleg
>>
>>
>> > Thanks
>> >
>> > On Wednesday, December 23, 2015, Oleg Kalnichevski <olegk@apache.org
>> <javascript:_e(%7B%7D,'cvml','olegk@apache.org');>> wrote:
>> >
>> > > On Wed, 2015-12-23 at 14:30 +0100, Philippe Mouawad wrote:
>> > > > Hi,
>> > > > Any answer on the 1/ question ?
>> > > > Thanks
>> > > > Regards
>> > > >
>> > > > On Tue, Dec 22, 2015 at 2:39 PM, Philippe Mouawad <
>> > > > philippe.mouawad@gmail.com
>> <javascript:_e(%7B%7D,'cvml','philippe.mouawad@gmail.com');>
>> <javascript:;>> wrote:
>> > > >
>> > > > > Hi,
>> > > > > With further investigation, I answered to some of my questions.
>> > > > >
>> > > > > Regards
>> > > > >
>> > > > > On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
>> > > > > philippe.mouawad@gmail.com
>> <javascript:_e(%7B%7D,'cvml','philippe.mouawad@gmail.com');>
>> <javascript:;>> wrote:
>> > > > >
>> > > > >> Hello,
>> > > > >> Looking at:
>> > > > >>
>> > > > >> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
>> > > > >>
>> > > > >>
>> > > > >> 1/ It is not clear for me how the fix works if commit
>> association is
>> > > > >> correct:
>> > > > >>
>> > > > >> -
>> > > https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
>> > > > >>
>> > > > >> Is the fix about replacing:
>> > > > >>
>> > > > >> final SSLSocket sock = (SSLSocket)
>> this.socketfactory.createSocket();
>> > > > >>
>> > > > >> with :
>> > > > >> SocketFactory.getDefault().createSocket();
>> > >
>> > > Pretty much. Please note though that the use of a plain socket instead
>> > > of a fully initialized SSL socket causes a different execution path in
>> > > #connectSocket method.
>> > >
>> > > Oleg
>> > >
>> > >
>> > >
>> > >
>> >
>>
>>
>>
>
>
> --
> Cordialement.
> Philippe Mouawad.
>
>
>
--
Cordialement.
Philippe Mouawad.
Re: About SNI support in HC4.5
Posted by Philippe Mouawad <ph...@gmail.com>.
For info,
fix done in JMeter based on the first patch attached to Httpclient issue
that by reflection sets the host on the java socket.
Regards
On Wednesday, December 30, 2015, Philippe Mouawad <
philippe.mouawad@gmail.com> wrote:
> Ok, I understand , thanks Oleg.
> I was just thinking that if you had the fix in new layers, it would maybe
> be easy to fix it in deprecated ones. But I agree it might be loss of time
> on your side.
>
> On our side, as migration to 4.5.2 is not that easy and will surely take
> time, it would have been helpful.
>
> Regards
> Philippe
>
> On Wed, Dec 30, 2015 at 10:43 AM, Oleg Kalnichevski <olegk@apache.org
> <javascript:_e(%7B%7D,'cvml','olegk@apache.org');>> wrote:
>
>> On Tue, 2015-12-29 at 09:22 +0100, Philippe Mouawad wrote:
>> > Hello Oleg,
>> > Thanks for answer.
>> > Could you elaborate a bit more on your answer ?
>> >
>> > Also, is there a chance that you fix the issue also in deprecated code
>> of
>> > httpclient (org.apache.http.conn.ssl.SSLSocketFactory) or is it too
>> complex
>> > ?
>> >
>>
>> I personally see no point in fixing non-critical bugs in deprecated
>> code. This time can be better spent elsewhere. However I can commit a
>> fix though if contributed.
>>
>> Oleg
>>
>>
>> > Thanks
>> >
>> > On Wednesday, December 23, 2015, Oleg Kalnichevski <olegk@apache.org
>> <javascript:_e(%7B%7D,'cvml','olegk@apache.org');>> wrote:
>> >
>> > > On Wed, 2015-12-23 at 14:30 +0100, Philippe Mouawad wrote:
>> > > > Hi,
>> > > > Any answer on the 1/ question ?
>> > > > Thanks
>> > > > Regards
>> > > >
>> > > > On Tue, Dec 22, 2015 at 2:39 PM, Philippe Mouawad <
>> > > > philippe.mouawad@gmail.com
>> <javascript:_e(%7B%7D,'cvml','philippe.mouawad@gmail.com');>
>> <javascript:;>> wrote:
>> > > >
>> > > > > Hi,
>> > > > > With further investigation, I answered to some of my questions.
>> > > > >
>> > > > > Regards
>> > > > >
>> > > > > On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
>> > > > > philippe.mouawad@gmail.com
>> <javascript:_e(%7B%7D,'cvml','philippe.mouawad@gmail.com');>
>> <javascript:;>> wrote:
>> > > > >
>> > > > >> Hello,
>> > > > >> Looking at:
>> > > > >>
>> > > > >> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
>> > > > >>
>> > > > >>
>> > > > >> 1/ It is not clear for me how the fix works if commit
>> association is
>> > > > >> correct:
>> > > > >>
>> > > > >> -
>> > > https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
>> > > > >>
>> > > > >> Is the fix about replacing:
>> > > > >>
>> > > > >> final SSLSocket sock = (SSLSocket)
>> this.socketfactory.createSocket();
>> > > > >>
>> > > > >> with :
>> > > > >> SocketFactory.getDefault().createSocket();
>> > >
>> > > Pretty much. Please note though that the use of a plain socket instead
>> > > of a fully initialized SSL socket causes a different execution path in
>> > > #connectSocket method.
>> > >
>> > > Oleg
>> > >
>> > >
>> > >
>> > >
>> >
>>
>>
>>
>
>
> --
> Cordialement.
> Philippe Mouawad.
>
>
>
--
Cordialement.
Philippe Mouawad.
Re: About SNI support in HC4.5
Posted by Philippe Mouawad <ph...@gmail.com>.
Ok, I understand , thanks Oleg.
I was just thinking that if you had the fix in new layers, it would maybe
be easy to fix it in deprecated ones. But I agree it might be loss of time
on your side.
On our side, as migration to 4.5.2 is not that easy and will surely take
time, it would have been helpful.
Regards
Philippe
On Wed, Dec 30, 2015 at 10:43 AM, Oleg Kalnichevski <ol...@apache.org>
wrote:
> On Tue, 2015-12-29 at 09:22 +0100, Philippe Mouawad wrote:
> > Hello Oleg,
> > Thanks for answer.
> > Could you elaborate a bit more on your answer ?
> >
> > Also, is there a chance that you fix the issue also in deprecated code of
> > httpclient (org.apache.http.conn.ssl.SSLSocketFactory) or is it too
> complex
> > ?
> >
>
> I personally see no point in fixing non-critical bugs in deprecated
> code. This time can be better spent elsewhere. However I can commit a
> fix though if contributed.
>
> Oleg
>
>
> > Thanks
> >
> > On Wednesday, December 23, 2015, Oleg Kalnichevski <ol...@apache.org>
> wrote:
> >
> > > On Wed, 2015-12-23 at 14:30 +0100, Philippe Mouawad wrote:
> > > > Hi,
> > > > Any answer on the 1/ question ?
> > > > Thanks
> > > > Regards
> > > >
> > > > On Tue, Dec 22, 2015 at 2:39 PM, Philippe Mouawad <
> > > > philippe.mouawad@gmail.com <javascript:;>> wrote:
> > > >
> > > > > Hi,
> > > > > With further investigation, I answered to some of my questions.
> > > > >
> > > > > Regards
> > > > >
> > > > > On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
> > > > > philippe.mouawad@gmail.com <javascript:;>> wrote:
> > > > >
> > > > >> Hello,
> > > > >> Looking at:
> > > > >>
> > > > >> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> > > > >>
> > > > >>
> > > > >> 1/ It is not clear for me how the fix works if commit association
> is
> > > > >> correct:
> > > > >>
> > > > >> -
> > > https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
> > > > >>
> > > > >> Is the fix about replacing:
> > > > >>
> > > > >> final SSLSocket sock = (SSLSocket)
> this.socketfactory.createSocket();
> > > > >>
> > > > >> with :
> > > > >> SocketFactory.getDefault().createSocket();
> > >
> > > Pretty much. Please note though that the use of a plain socket instead
> > > of a fully initialized SSL socket causes a different execution path in
> > > #connectSocket method.
> > >
> > > Oleg
> > >
> > >
> > >
> > >
> >
>
>
>
--
Cordialement.
Philippe Mouawad.
Re: About SNI support in HC4.5
Posted by Philippe Mouawad <ph...@gmail.com>.
Ok, I understand , thanks Oleg.
I was just thinking that if you had the fix in new layers, it would maybe
be easy to fix it in deprecated ones. But I agree it might be loss of time
on your side.
On our side, as migration to 4.5.2 is not that easy and will surely take
time, it would have been helpful.
Regards
Philippe
On Wed, Dec 30, 2015 at 10:43 AM, Oleg Kalnichevski <ol...@apache.org>
wrote:
> On Tue, 2015-12-29 at 09:22 +0100, Philippe Mouawad wrote:
> > Hello Oleg,
> > Thanks for answer.
> > Could you elaborate a bit more on your answer ?
> >
> > Also, is there a chance that you fix the issue also in deprecated code of
> > httpclient (org.apache.http.conn.ssl.SSLSocketFactory) or is it too
> complex
> > ?
> >
>
> I personally see no point in fixing non-critical bugs in deprecated
> code. This time can be better spent elsewhere. However I can commit a
> fix though if contributed.
>
> Oleg
>
>
> > Thanks
> >
> > On Wednesday, December 23, 2015, Oleg Kalnichevski <ol...@apache.org>
> wrote:
> >
> > > On Wed, 2015-12-23 at 14:30 +0100, Philippe Mouawad wrote:
> > > > Hi,
> > > > Any answer on the 1/ question ?
> > > > Thanks
> > > > Regards
> > > >
> > > > On Tue, Dec 22, 2015 at 2:39 PM, Philippe Mouawad <
> > > > philippe.mouawad@gmail.com <javascript:;>> wrote:
> > > >
> > > > > Hi,
> > > > > With further investigation, I answered to some of my questions.
> > > > >
> > > > > Regards
> > > > >
> > > > > On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
> > > > > philippe.mouawad@gmail.com <javascript:;>> wrote:
> > > > >
> > > > >> Hello,
> > > > >> Looking at:
> > > > >>
> > > > >> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> > > > >>
> > > > >>
> > > > >> 1/ It is not clear for me how the fix works if commit association
> is
> > > > >> correct:
> > > > >>
> > > > >> -
> > > https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
> > > > >>
> > > > >> Is the fix about replacing:
> > > > >>
> > > > >> final SSLSocket sock = (SSLSocket)
> this.socketfactory.createSocket();
> > > > >>
> > > > >> with :
> > > > >> SocketFactory.getDefault().createSocket();
> > >
> > > Pretty much. Please note though that the use of a plain socket instead
> > > of a fully initialized SSL socket causes a different execution path in
> > > #connectSocket method.
> > >
> > > Oleg
> > >
> > >
> > >
> > >
> >
>
>
>
--
Cordialement.
Philippe Mouawad.
Re: About SNI support in HC4.5
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Tue, 2015-12-29 at 09:22 +0100, Philippe Mouawad wrote:
> Hello Oleg,
> Thanks for answer.
> Could you elaborate a bit more on your answer ?
>
> Also, is there a chance that you fix the issue also in deprecated code of
> httpclient (org.apache.http.conn.ssl.SSLSocketFactory) or is it too complex
> ?
>
I personally see no point in fixing non-critical bugs in deprecated
code. This time can be better spent elsewhere. However I can commit a
fix though if contributed.
Oleg
> Thanks
>
> On Wednesday, December 23, 2015, Oleg Kalnichevski <ol...@apache.org> wrote:
>
> > On Wed, 2015-12-23 at 14:30 +0100, Philippe Mouawad wrote:
> > > Hi,
> > > Any answer on the 1/ question ?
> > > Thanks
> > > Regards
> > >
> > > On Tue, Dec 22, 2015 at 2:39 PM, Philippe Mouawad <
> > > philippe.mouawad@gmail.com <javascript:;>> wrote:
> > >
> > > > Hi,
> > > > With further investigation, I answered to some of my questions.
> > > >
> > > > Regards
> > > >
> > > > On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
> > > > philippe.mouawad@gmail.com <javascript:;>> wrote:
> > > >
> > > >> Hello,
> > > >> Looking at:
> > > >>
> > > >> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> > > >>
> > > >>
> > > >> 1/ It is not clear for me how the fix works if commit association is
> > > >> correct:
> > > >>
> > > >> -
> > https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
> > > >>
> > > >> Is the fix about replacing:
> > > >>
> > > >> final SSLSocket sock = (SSLSocket) this.socketfactory.createSocket();
> > > >>
> > > >> with :
> > > >> SocketFactory.getDefault().createSocket();
> >
> > Pretty much. Please note though that the use of a plain socket instead
> > of a fully initialized SSL socket causes a different execution path in
> > #connectSocket method.
> >
> > Oleg
> >
> >
> >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: About SNI support in HC4.5
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Tue, 2015-12-29 at 09:22 +0100, Philippe Mouawad wrote:
> Hello Oleg,
> Thanks for answer.
> Could you elaborate a bit more on your answer ?
>
> Also, is there a chance that you fix the issue also in deprecated code of
> httpclient (org.apache.http.conn.ssl.SSLSocketFactory) or is it too complex
> ?
>
I personally see no point in fixing non-critical bugs in deprecated
code. This time can be better spent elsewhere. However I can commit a
fix though if contributed.
Oleg
> Thanks
>
> On Wednesday, December 23, 2015, Oleg Kalnichevski <ol...@apache.org> wrote:
>
> > On Wed, 2015-12-23 at 14:30 +0100, Philippe Mouawad wrote:
> > > Hi,
> > > Any answer on the 1/ question ?
> > > Thanks
> > > Regards
> > >
> > > On Tue, Dec 22, 2015 at 2:39 PM, Philippe Mouawad <
> > > philippe.mouawad@gmail.com <javascript:;>> wrote:
> > >
> > > > Hi,
> > > > With further investigation, I answered to some of my questions.
> > > >
> > > > Regards
> > > >
> > > > On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
> > > > philippe.mouawad@gmail.com <javascript:;>> wrote:
> > > >
> > > >> Hello,
> > > >> Looking at:
> > > >>
> > > >> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> > > >>
> > > >>
> > > >> 1/ It is not clear for me how the fix works if commit association is
> > > >> correct:
> > > >>
> > > >> -
> > https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
> > > >>
> > > >> Is the fix about replacing:
> > > >>
> > > >> final SSLSocket sock = (SSLSocket) this.socketfactory.createSocket();
> > > >>
> > > >> with :
> > > >> SocketFactory.getDefault().createSocket();
> >
> > Pretty much. Please note though that the use of a plain socket instead
> > of a fully initialized SSL socket causes a different execution path in
> > #connectSocket method.
> >
> > Oleg
> >
> >
> >
> >
>
Re: About SNI support in HC4.5
Posted by Philippe Mouawad <ph...@gmail.com>.
Hello Oleg,
Thanks for answer.
Could you elaborate a bit more on your answer ?
Also, is there a chance that you fix the issue also in deprecated code of
httpclient (org.apache.http.conn.ssl.SSLSocketFactory) or is it too complex
?
Thanks
On Wednesday, December 23, 2015, Oleg Kalnichevski <ol...@apache.org> wrote:
> On Wed, 2015-12-23 at 14:30 +0100, Philippe Mouawad wrote:
> > Hi,
> > Any answer on the 1/ question ?
> > Thanks
> > Regards
> >
> > On Tue, Dec 22, 2015 at 2:39 PM, Philippe Mouawad <
> > philippe.mouawad@gmail.com <javascript:;>> wrote:
> >
> > > Hi,
> > > With further investigation, I answered to some of my questions.
> > >
> > > Regards
> > >
> > > On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
> > > philippe.mouawad@gmail.com <javascript:;>> wrote:
> > >
> > >> Hello,
> > >> Looking at:
> > >>
> > >> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> > >>
> > >>
> > >> 1/ It is not clear for me how the fix works if commit association is
> > >> correct:
> > >>
> > >> -
> https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
> > >>
> > >> Is the fix about replacing:
> > >>
> > >> final SSLSocket sock = (SSLSocket) this.socketfactory.createSocket();
> > >>
> > >> with :
> > >> SocketFactory.getDefault().createSocket();
>
> Pretty much. Please note though that the use of a plain socket instead
> of a fully initialized SSL socket causes a different execution path in
> #connectSocket method.
>
> Oleg
>
>
>
>
--
Cordialement.
Philippe Mouawad.
Re: About SNI support in HC4.5
Posted by Philippe Mouawad <ph...@gmail.com>.
Hello Oleg,
Thanks for answer.
Could you elaborate a bit more on your answer ?
Also, is there a chance that you fix the issue also in deprecated code of
httpclient (org.apache.http.conn.ssl.SSLSocketFactory) or is it too complex
?
Thanks
On Wednesday, December 23, 2015, Oleg Kalnichevski <ol...@apache.org> wrote:
> On Wed, 2015-12-23 at 14:30 +0100, Philippe Mouawad wrote:
> > Hi,
> > Any answer on the 1/ question ?
> > Thanks
> > Regards
> >
> > On Tue, Dec 22, 2015 at 2:39 PM, Philippe Mouawad <
> > philippe.mouawad@gmail.com <javascript:;>> wrote:
> >
> > > Hi,
> > > With further investigation, I answered to some of my questions.
> > >
> > > Regards
> > >
> > > On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
> > > philippe.mouawad@gmail.com <javascript:;>> wrote:
> > >
> > >> Hello,
> > >> Looking at:
> > >>
> > >> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> > >>
> > >>
> > >> 1/ It is not clear for me how the fix works if commit association is
> > >> correct:
> > >>
> > >> -
> https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
> > >>
> > >> Is the fix about replacing:
> > >>
> > >> final SSLSocket sock = (SSLSocket) this.socketfactory.createSocket();
> > >>
> > >> with :
> > >> SocketFactory.getDefault().createSocket();
>
> Pretty much. Please note though that the use of a plain socket instead
> of a fully initialized SSL socket causes a different execution path in
> #connectSocket method.
>
> Oleg
>
>
>
>
--
Cordialement.
Philippe Mouawad.
Re: About SNI support in HC4.5
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2015-12-23 at 14:30 +0100, Philippe Mouawad wrote:
> Hi,
> Any answer on the 1/ question ?
> Thanks
> Regards
>
> On Tue, Dec 22, 2015 at 2:39 PM, Philippe Mouawad <
> philippe.mouawad@gmail.com> wrote:
>
> > Hi,
> > With further investigation, I answered to some of my questions.
> >
> > Regards
> >
> > On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
> > philippe.mouawad@gmail.com> wrote:
> >
> >> Hello,
> >> Looking at:
> >>
> >> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> >>
> >>
> >> 1/ It is not clear for me how the fix works if commit association is
> >> correct:
> >>
> >> - https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
> >>
> >> Is the fix about replacing:
> >>
> >> final SSLSocket sock = (SSLSocket) this.socketfactory.createSocket();
> >>
> >> with :
> >> SocketFactory.getDefault().createSocket();
Pretty much. Please note though that the use of a plain socket instead
of a fully initialized SSL socket causes a different execution path in
#connectSocket method.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: About SNI support in HC4.5
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2015-12-23 at 14:30 +0100, Philippe Mouawad wrote:
> Hi,
> Any answer on the 1/ question ?
> Thanks
> Regards
>
> On Tue, Dec 22, 2015 at 2:39 PM, Philippe Mouawad <
> philippe.mouawad@gmail.com> wrote:
>
> > Hi,
> > With further investigation, I answered to some of my questions.
> >
> > Regards
> >
> > On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
> > philippe.mouawad@gmail.com> wrote:
> >
> >> Hello,
> >> Looking at:
> >>
> >> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
> >>
> >>
> >> 1/ It is not clear for me how the fix works if commit association is
> >> correct:
> >>
> >> - https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
> >>
> >> Is the fix about replacing:
> >>
> >> final SSLSocket sock = (SSLSocket) this.socketfactory.createSocket();
> >>
> >> with :
> >> SocketFactory.getDefault().createSocket();
Pretty much. Please note though that the use of a plain socket instead
of a fully initialized SSL socket causes a different execution path in
#connectSocket method.
Oleg
Re: About SNI support in HC4.5
Posted by Philippe Mouawad <ph...@gmail.com>.
Hi,
Any answer on the 1/ question ?
Thanks
Regards
On Tue, Dec 22, 2015 at 2:39 PM, Philippe Mouawad <
philippe.mouawad@gmail.com> wrote:
> Hi,
> With further investigation, I answered to some of my questions.
>
> Regards
>
> On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
> philippe.mouawad@gmail.com> wrote:
>
>> Hello,
>> Looking at:
>>
>> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
>>
>>
>> 1/ It is not clear for me how the fix works if commit association is
>> correct:
>>
>> - https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
>>
>> Is the fix about replacing:
>>
>> final SSLSocket sock = (SSLSocket) this.socketfactory.createSocket();
>>
>> with :
>> SocketFactory.getDefault().createSocket();
>> 2/ Is the fix only for Java 7 or does it work on Java 8?
>>
> > It also works on Java8
>
>>
>> 3/ Also wondering, I see only SSLConnectionSocketFactory is concerned by
>> fix, so I suppose that SSLSocketFactory was not fixed ?
>> So I suppose that upgrading to HC4.5.1 from HC4.2.3 will not fix the
>> issue unless
>> SSLSocketFactory is used instead of
>> SSLConnectionSocketFactory
>>
>
> > No it will not fix the issue, unless SSLSocketFactory is used instead
> of SSLConnectionSocketFactory.
>
>>
>
>
>
--
Cordialement.
Philippe Mouawad.
Re: About SNI support in HC4.5
Posted by Philippe Mouawad <ph...@gmail.com>.
Hi,
Any answer on the 1/ question ?
Thanks
Regards
On Tue, Dec 22, 2015 at 2:39 PM, Philippe Mouawad <
philippe.mouawad@gmail.com> wrote:
> Hi,
> With further investigation, I answered to some of my questions.
>
> Regards
>
> On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
> philippe.mouawad@gmail.com> wrote:
>
>> Hello,
>> Looking at:
>>
>> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
>>
>>
>> 1/ It is not clear for me how the fix works if commit association is
>> correct:
>>
>> - https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
>>
>> Is the fix about replacing:
>>
>> final SSLSocket sock = (SSLSocket) this.socketfactory.createSocket();
>>
>> with :
>> SocketFactory.getDefault().createSocket();
>> 2/ Is the fix only for Java 7 or does it work on Java 8?
>>
> > It also works on Java8
>
>>
>> 3/ Also wondering, I see only SSLConnectionSocketFactory is concerned by
>> fix, so I suppose that SSLSocketFactory was not fixed ?
>> So I suppose that upgrading to HC4.5.1 from HC4.2.3 will not fix the
>> issue unless
>> SSLSocketFactory is used instead of
>> SSLConnectionSocketFactory
>>
>
> > No it will not fix the issue, unless SSLSocketFactory is used instead
> of SSLConnectionSocketFactory.
>
>>
>
>
>
--
Cordialement.
Philippe Mouawad.
Re: About SNI support in HC4.5
Posted by Philippe Mouawad <ph...@gmail.com>.
Hi,
With further investigation, I answered to some of my questions.
Regards
On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
philippe.mouawad@gmail.com> wrote:
> Hello,
> Looking at:
>
> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
>
>
> 1/ It is not clear for me how the fix works if commit association is
> correct:
>
> - https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
>
> Is the fix about replacing:
>
> final SSLSocket sock = (SSLSocket) this.socketfactory.createSocket();
>
> with :
> SocketFactory.getDefault().createSocket();
> 2/ Is the fix only for Java 7 or does it work on Java 8?
>
> It also works on Java8
>
> 3/ Also wondering, I see only SSLConnectionSocketFactory is concerned by
> fix, so I suppose that SSLSocketFactory was not fixed ?
> So I suppose that upgrading to HC4.5.1 from HC4.2.3 will not fix the issue
> unless
> SSLSocketFactory is used instead of
> SSLConnectionSocketFactory
>
> No it will not fix the issue, unless SSLSocketFactory is used instead
of SSLConnectionSocketFactory.
>
Re: About SNI support in HC4.5
Posted by Philippe Mouawad <ph...@gmail.com>.
Hi,
With further investigation, I answered to some of my questions.
Regards
On Mon, Dec 21, 2015 at 6:52 PM, Philippe Mouawad <
philippe.mouawad@gmail.com> wrote:
> Hello,
> Looking at:
>
> - https://issues.apache.org/jira/browse/HTTPCLIENT-1119
>
>
> 1/ It is not clear for me how the fix works if commit association is
> correct:
>
> - https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1544769
>
> Is the fix about replacing:
>
> final SSLSocket sock = (SSLSocket) this.socketfactory.createSocket();
>
> with :
> SocketFactory.getDefault().createSocket();
> 2/ Is the fix only for Java 7 or does it work on Java 8?
>
> It also works on Java8
>
> 3/ Also wondering, I see only SSLConnectionSocketFactory is concerned by
> fix, so I suppose that SSLSocketFactory was not fixed ?
> So I suppose that upgrading to HC4.5.1 from HC4.2.3 will not fix the issue
> unless
> SSLSocketFactory is used instead of
> SSLConnectionSocketFactory
>
> No it will not fix the issue, unless SSLSocketFactory is used instead
of SSLConnectionSocketFactory.
>