You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by Sachin Hamirwasia <Sa...@Singnet.com.sg> on 2002/06/11 18:18:30 UTC
SSL proxy support in HttpClient
Hi,
Not sure if this has been discussed earlier, I have modified the
HttpClient's code slightly to make SSL work across a proxy server. Strange
enough, https proxy support was missing in the most current source code. If
it might be of interest to anyone, I can mail the code over.
Regards,
Sachin
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
[HttpClient] Implementing support for authenticated proxies
Posted by Evert Hoff <ev...@pixie.co.za>.
Hi,
Attached is a patch (diff.txt) and the full changed files
(changes-evert.zip) which includes:
- Sachin's changes for SSL tunneling
- Changes to enable an alternative SSLSocketFactory to be set, for
getting around "untrusted server certificate chain" errors.
- Changes to give access to the time when the request was made and the
connection established, for monitoring purposes.
- Lastly, I've been trying to implement support for authenticated
proxies, BUT WITHOUT SUCCESS YET.
With the authenticated proxy, I don't know whether there is something
wrong with the proxy I am using or something else. The code is supposed
to handle authenticated proxies for both http and https requests. I am
getting "no route to host" responses with https and "access to host
forbidden on this server" responses with http. I might just no longer
have the right permissions on the proxy server.
If someone has access to an authenticated proxy and is willing to help
test and debug this, I would greatly appreciate it.
BTW, it might be a good idea to compare my files to the ones that Sachin
sent yesterday, because I had to make changes to his changes in order to
support authenticated proxies.
Regards,
Evert
RE: SSL proxy support in HttpClient
Posted by Sachin Hamirwasia <Sa...@Singnet.com.sg>.
Hi Evert,
Appreciate your help in posting the changes to the CVS.
Here is what I have changed (please refer to attached files):
HttpConnection - changed the open() method (lines 283-288) to use the
_proxyHost and _proxyPort to open a plain socket, send an HTTP CONNECT
request (which makes an http proxy server switch to tunnel mode), and then
overlay this socket onto an SSLSocket using the default SSL socket factory.
This is also demonstrated in the JSSE sample code. The doTunnelHandshake()
[new addition] does the trick. Have also slightly changed this method from
the JSSE sample code to send some headers without which some proxies might
not work properly. [These are also the same headers that IE6.0 sends to a
proxy server for https tunnel]
HttpMethodBase - changed the generateRequestLine() method such that for SSL
connections going via a proxy server, it should send a relative URI rather
than a full URI [since the request is actually sent to the end HTTP server
and not the proxy server].
That's all the changes required to support proxy for secure connections. I
have tested the new build with some of my SSL servers and it seems to work
fine. Though haven't run the code through the commons test suite.
Regards,
Sachin
-----Original Message-----
From: Evert Hoff [mailto:evert.hoff@pixie.co.za]
Sent: Wednesday, 12 June 2002 01:06 AM
To: Jakarta Commons Developers List
Subject: Re: SSL proxy support in HttpClient
Hi Sachin,
I would like to see it. I am planning to work on the same thing for
HttpMultiClient tomorrow and your code would help me understand what to
do.
I'll then make a patch including my and your changes and submit these so
that someone who is a committer on this project can add it to CVS.
Thanks,
Evert
On Tue, 2002-06-11 at 18:18, Sachin Hamirwasia wrote:
> Hi,
>
> Not sure if this has been discussed earlier, I have modified the
> HttpClient's code slightly to make SSL work across a proxy server. Strange
> enough, https proxy support was missing in the most current source code.
If
> it might be of interest to anyone, I can mail the code over.
>
> Regards,
> Sachin
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
Re: SSL proxy support in HttpClient
Posted by Evert Hoff <ev...@pixie.co.za>.
Hi Sachin,
I would like to see it. I am planning to work on the same thing for
HttpMultiClient tomorrow and your code would help me understand what to
do.
I'll then make a patch including my and your changes and submit these so
that someone who is a committer on this project can add it to CVS.
Thanks,
Evert
On Tue, 2002-06-11 at 18:18, Sachin Hamirwasia wrote:
> Hi,
>
> Not sure if this has been discussed earlier, I have modified the
> HttpClient's code slightly to make SSL work across a proxy server. Strange
> enough, https proxy support was missing in the most current source code. If
> it might be of interest to anyone, I can mail the code over.
>
> Regards,
> Sachin
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>