You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Sam Wilson <te...@hotmail.com> on 2016/03/02 18:37:18 UTC
HttpClient 4.5.2 and Server Name Indication
Hey httpclient-users,
I'm trying to get Server Name Indication working in an existing
application, but I'm having some serious trouble.
The java version is 1.8.0_45.
I've walked all the way through the HttpClient code to the
sun.security.ssl.SSLSocketImpl.connect call, and I see that HttpClient
is correctly passing the hostname through to the socket connect.
The paramSocketAddress.toString() returns "www.example.com:443", where
example.com is replaced by the actual SNI host I'm using.
When I enable -Djavax.net.debug=all, there is no server name extension
listed in the outgoing request.
Is there anything else I need to do to enable SNI?
Thanks,
Sam
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: HttpClient 4.5.2 and Server Name Indication
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2016-03-02 at 16:19 -0500, Sam Wilson wrote:
> On 3/2/16 3:56 PM, Philippe Mouawad wrote:
> > See Oleg's commit few minutes on deprecated classes:
> > http://svn.apache.org/viewvc?view=revision&revision=1733362
>
> So yes, my code hits that change. I take it I either grab the latest
> HttpClient from svn, or change my software to avoid this path?
>
The latter should be preferred.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: HttpClient 4.5.2 and Server Name Indication
Posted by Sam Wilson <te...@hotmail.com>.
On 3/2/16 3:56 PM, Philippe Mouawad wrote:
> See Oleg's commit few minutes on deprecated classes:
> http://svn.apache.org/viewvc?view=revision&revision=1733362
So yes, my code hits that change. I take it I either grab the latest
HttpClient from svn, or change my software to avoid this path?
Thanks for the help guys! :)
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: HttpClient 4.5.2 and Server Name Indication
Posted by Philippe Mouawad <ph...@gmail.com>.
Hi,
Have a look at this:
https://issues.apache.org/jira/browse/HTTPCLIENT-1119
You will see concerned classes, see:
https://github.com/apache/httpclient/commit/92b7e8cd971868505d0f22ee5cfc12a68ee91b80#diff-4f1f0cfa92ca97f7ee68436780ce874c
See Oleg's commit few minutes on deprecated classes:
http://svn.apache.org/viewvc?view=revision&revision=1733362
Regards
On Wed, Mar 2, 2016 at 9:51 PM, Oleg Kalnichevski <ol...@apache.org> wrote:
> On Wed, 2016-03-02 at 15:48 -0500, Sam Wilson wrote:
> > On 3/2/16 3:41 PM, Oleg Kalnichevski wrote:
> > > On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote:
> > >>
> > >> Is there anything else I need to do to enable SNI?
> > >>
> > >
> > > No, there is not. Just make sure you are not using deprecated
> > > functionality.
> > >
> >
> > I'm sorry, are you saying that I am using deprecated functionality for
> > sure, or that I might be and should look for it. In either case, is
> > there something specific I should be looking for?
>
> It is merely a guess. Are you seeing any deprecation warnings related to
> HttpClient code when compiling your application?
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
--
Cordialement.
Philippe Mouawad.
Re: HttpClient 4.5.2 and Server Name Indication
Posted by Sam Wilson <te...@hotmail.com>.
On 3/2/16 3:51 PM, Oleg Kalnichevski wrote:
> On Wed, 2016-03-02 at 15:48 -0500, Sam Wilson wrote:
>> On 3/2/16 3:41 PM, Oleg Kalnichevski wrote:
>>> On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote:
>>>>
>>>> Is there anything else I need to do to enable SNI?
>>>>
>>>
>>> No, there is not. Just make sure you are not using deprecated
>>> functionality.
>>>
>>
>> I'm sorry, are you saying that I am using deprecated functionality for
>> sure, or that I might be and should look for it. In either case, is
>> there something specific I should be looking for?
>
> It is merely a guess. Are you seeing any deprecation warnings related to
> HttpClient code when compiling your application?
Unfortunately it is a legacy clojure application, so no, I don't see any
warnings at all.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: HttpClient 4.5.2 and Server Name Indication
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2016-03-02 at 15:48 -0500, Sam Wilson wrote:
> On 3/2/16 3:41 PM, Oleg Kalnichevski wrote:
> > On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote:
> >>
> >> Is there anything else I need to do to enable SNI?
> >>
> >
> > No, there is not. Just make sure you are not using deprecated
> > functionality.
> >
>
> I'm sorry, are you saying that I am using deprecated functionality for
> sure, or that I might be and should look for it. In either case, is
> there something specific I should be looking for?
It is merely a guess. Are you seeing any deprecation warnings related to
HttpClient code when compiling your application?
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: HttpClient 4.5.2 and Server Name Indication
Posted by Gerry Woods <Ge...@akana.com>.
We just went through this exercise. We have our own socket factory implementation that, based on HTTPCLIENT-1119, uses the String host name when SSLSocketFactory.createSocket() is invoked (rather than using the InetAddress methods). This seemed to do the trick.
On 3/2/16, 12:48 PM, "Sam Wilson" <te...@hotmail.com> wrote:
>On 3/2/16 3:41 PM, Oleg Kalnichevski wrote:
>> On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote:
>>>
>>> Is there anything else I need to do to enable SNI?
>>>
>>
>> No, there is not. Just make sure you are not using deprecated
>> functionality.
>>
>
>I'm sorry, are you saying that I am using deprecated functionality for
>sure, or that I might be and should look for it. In either case, is
>there something specific I should be looking for?
>
>Sam
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
Re: HttpClient 4.5.2 and Server Name Indication
Posted by Sam Wilson <te...@hotmail.com>.
On 3/2/16 3:41 PM, Oleg Kalnichevski wrote:
> On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote:
>>
>> Is there anything else I need to do to enable SNI?
>>
>
> No, there is not. Just make sure you are not using deprecated
> functionality.
>
I'm sorry, are you saying that I am using deprecated functionality for
sure, or that I might be and should look for it. In either case, is
there something specific I should be looking for?
Sam
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: HttpClient 4.5.2 and Server Name Indication
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote:
> Hey httpclient-users,
>
> I'm trying to get Server Name Indication working in an existing
> application, but I'm having some serious trouble.
>
> The java version is 1.8.0_45.
>
> I've walked all the way through the HttpClient code to the
> sun.security.ssl.SSLSocketImpl.connect call, and I see that HttpClient
> is correctly passing the hostname through to the socket connect.
>
> The paramSocketAddress.toString() returns "www.example.com:443", where
> example.com is replaced by the actual SNI host I'm using.
>
> When I enable -Djavax.net.debug=all, there is no server name extension
> listed in the outgoing request.
>
> Is there anything else I need to do to enable SNI?
>
No, there is not. Just make sure you are not using deprecated
functionality.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org