You are viewing a plain text version of this content. The canonical link for it is here.

Posted to httpclient-users@hc.apache.org by Sam Wilson <te...@hotmail.com> on 2016/03/02 18:37:18 UTC

HttpClient 4.5.2 and Server Name Indication

Hey httpclient-users,

I'm trying to get Server Name Indication working in an existing 
application, but I'm having some serious trouble.

The java version is 1.8.0_45.

I've walked all the way through the HttpClient code to the 
sun.security.ssl.SSLSocketImpl.connect call, and I see that HttpClient 
is correctly passing the hostname through to the socket connect.

The paramSocketAddress.toString() returns "www.example.com:443", where 
example.com is replaced by the actual SNI host I'm using.

When I enable -Djavax.net.debug=all, there is no server name extension 
listed in the outgoing request.

Is there anything else I need to do to enable SNI?

Thanks,
Sam

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

Re: HttpClient 4.5.2 and Server Name Indication

Posted by Oleg Kalnichevski <ol...@apache.org>.

On Wed, 2016-03-02 at 16:19 -0500, Sam Wilson wrote:
> On 3/2/16 3:56 PM, Philippe Mouawad wrote:
> > See Oleg's commit few minutes on deprecated classes:
> > http://svn.apache.org/viewvc?view=revision&revision=1733362
> 
> So yes, my code hits that change. I take it I either grab the latest 
> HttpClient from svn, or change my software to avoid this path?
> 

The latter should be preferred.

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

Re: HttpClient 4.5.2 and Server Name Indication

Posted by Sam Wilson <te...@hotmail.com>.

On 3/2/16 3:56 PM, Philippe Mouawad wrote:
> See Oleg's commit few minutes on deprecated classes:
> http://svn.apache.org/viewvc?view=revision&revision=1733362

So yes, my code hits that change. I take it I either grab the latest 
HttpClient from svn, or change my software to avoid this path?

Thanks for the help guys! :)

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

Re: HttpClient 4.5.2 and Server Name Indication

Posted by Philippe Mouawad <ph...@gmail.com>.

Hi,
Have a look at this:
https://issues.apache.org/jira/browse/HTTPCLIENT-1119
You will see concerned classes, see:
https://github.com/apache/httpclient/commit/92b7e8cd971868505d0f22ee5cfc12a68ee91b80#diff-4f1f0cfa92ca97f7ee68436780ce874c


See Oleg's commit few minutes on deprecated classes:
http://svn.apache.org/viewvc?view=revision&revision=1733362

Regards

On Wed, Mar 2, 2016 at 9:51 PM, Oleg Kalnichevski <ol...@apache.org> wrote:

> On Wed, 2016-03-02 at 15:48 -0500, Sam Wilson wrote:
> > On 3/2/16 3:41 PM, Oleg Kalnichevski wrote:
> > > On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote:
> > >>
> > >> Is there anything else I need to do to enable SNI?
> > >>
> > >
> > > No, there is not. Just make sure you are not using deprecated
> > > functionality.
> > >
> >
> > I'm sorry, are you saying that I am using deprecated functionality for
> > sure, or that I might be and should look for it. In either case, is
> > there something specific I should be looking for?
>
> It is merely a guess. Are you seeing any deprecation warnings related to
> HttpClient code when compiling your application?
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>


-- 
Cordialement.
Philippe Mouawad.

Re: HttpClient 4.5.2 and Server Name Indication

Posted by Sam Wilson <te...@hotmail.com>.

On 3/2/16 3:51 PM, Oleg Kalnichevski wrote:
> On Wed, 2016-03-02 at 15:48 -0500, Sam Wilson wrote:
>> On 3/2/16 3:41 PM, Oleg Kalnichevski wrote:
>>> On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote:
>>>>
>>>> Is there anything else I need to do to enable SNI?
>>>>
>>>
>>> No, there is not. Just make sure you are not using deprecated
>>> functionality.
>>>
>>
>> I'm sorry, are you saying that I am using deprecated functionality for
>> sure, or that I might be and should look for it. In either case, is
>> there something specific I should be looking for?
>
> It is merely a guess. Are you seeing any deprecation warnings related to
> HttpClient code when compiling your application?

Unfortunately it is a legacy clojure application, so no, I don't see any 
warnings at all.

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

Re: HttpClient 4.5.2 and Server Name Indication

Posted by Oleg Kalnichevski <ol...@apache.org>.

On Wed, 2016-03-02 at 15:48 -0500, Sam Wilson wrote:
> On 3/2/16 3:41 PM, Oleg Kalnichevski wrote:
> > On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote:
> >>
> >> Is there anything else I need to do to enable SNI?
> >>
> >
> > No, there is not. Just make sure you are not using deprecated
> > functionality.
> >
> 
> I'm sorry, are you saying that I am using deprecated functionality for 
> sure, or that I might be and should look for it. In either case, is 
> there something specific I should be looking for?

It is merely a guess. Are you seeing any deprecation warnings related to
HttpClient code when compiling your application?

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

Re: HttpClient 4.5.2 and Server Name Indication

Posted by Gerry Woods <Ge...@akana.com>.

We just went through this exercise.  We have our own socket factory implementation that, based on HTTPCLIENT-1119, uses the String host name when SSLSocketFactory.createSocket() is invoked (rather than using the InetAddress methods).  This seemed to do the trick.

On 3/2/16, 12:48 PM, "Sam Wilson" <te...@hotmail.com> wrote:

>On 3/2/16 3:41 PM, Oleg Kalnichevski wrote:
>> On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote:
>>>
>>> Is there anything else I need to do to enable SNI?
>>>
>>
>> No, there is not. Just make sure you are not using deprecated
>> functionality.
>>
>
>I'm sorry, are you saying that I am using deprecated functionality for 
>sure, or that I might be and should look for it. In either case, is 
>there something specific I should be looking for?
>
>Sam
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>For additional commands, e-mail: httpclient-users-help@hc.apache.org
>

Re: HttpClient 4.5.2 and Server Name Indication

Posted by Sam Wilson <te...@hotmail.com>.

On 3/2/16 3:41 PM, Oleg Kalnichevski wrote:
> On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote:
>>
>> Is there anything else I need to do to enable SNI?
>>
>
> No, there is not. Just make sure you are not using deprecated
> functionality.
>

I'm sorry, are you saying that I am using deprecated functionality for 
sure, or that I might be and should look for it. In either case, is 
there something specific I should be looking for?

Sam

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

Re: HttpClient 4.5.2 and Server Name Indication

Posted by Oleg Kalnichevski <ol...@apache.org>.

On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote:
> Hey httpclient-users,
> 
> I'm trying to get Server Name Indication working in an existing 
> application, but I'm having some serious trouble.
> 
> The java version is 1.8.0_45.
> 
> I've walked all the way through the HttpClient code to the 
> sun.security.ssl.SSLSocketImpl.connect call, and I see that HttpClient 
> is correctly passing the hostname through to the socket connect.
> 
> The paramSocketAddress.toString() returns "www.example.com:443", where 
> example.com is replaced by the actual SNI host I'm using.
> 
> When I enable -Djavax.net.debug=all, there is no server name extension 
> listed in the outgoing request.
> 
> Is there anything else I need to do to enable SNI?
> 

No, there is not. Just make sure you are not using deprecated
functionality.

Oleg



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org