You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Dave Roberts <da...@saaconsultants.com> on 2013/06/04 18:09:22 UTC
Multiple connections with different SSL parameters
Short version:-
I'm trying to work out how to connect to multiple servers at the
same time but with potentially different SSL requirements for those
servers. E.g. use different client auth certs, which might be signed
by the same CA.
I've looked at and used the PoolingClientConnectionManager along
with the SchemeRegistry. However it seems that only one socket
factory can be set for any given Scheme.
Any advice on the best way to achieve this?
What (I think) I'd really like is to have an optional socket factory
per target host, in addition to the default for the scheme.
More info:
I've tried adding Schemes with a unique name, which works OK until
the server sends a redirect. I'd have to start intercepting these
and re-writing the URL each time.
I could sub-class PoolingClientConnectionManager and implement my
own ClientConnectionOperator as a sub-class of
DefaultClientConnectionOperator, and ensure that the right Scheme is
in place, but it doesn't look like that's an intended way of
extended the class.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Multiple connections with different SSL parameters
Posted by Dave Roberts <da...@saaconsultants.com>.
On 05/06/2013 10:08, Oleg Kalnichevski wrote:
> You should implement a custom SSL socket factory that creates a new
> SSLContext for each new connection based on custom parameters passed to
> the #createSocket(HttpParams) method. HTTP parameters can be set on
> individual requests as appropriate.
Ah yes, that seems such an obvious solution now. Seems to work nicely.
Many thanks.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Multiple connections with different SSL parameters
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Tue, 2013-06-04 at 17:09 +0100, Dave Roberts wrote:
> Short version:-
> I'm trying to work out how to connect to multiple servers at the
> same time but with potentially different SSL requirements for those
> servers. E.g. use different client auth certs, which might be signed
> by the same CA.
>
> I've looked at and used the PoolingClientConnectionManager along
> with the SchemeRegistry. However it seems that only one socket
> factory can be set for any given Scheme.
>
> Any advice on the best way to achieve this?
>
> What (I think) I'd really like is to have an optional socket factory
> per target host, in addition to the default for the scheme.
>
>
> More info:
> I've tried adding Schemes with a unique name, which works OK until
> the server sends a redirect. I'd have to start intercepting these
> and re-writing the URL each time.
>
> I could sub-class PoolingClientConnectionManager and implement my
> own ClientConnectionOperator as a sub-class of
> DefaultClientConnectionOperator, and ensure that the right Scheme is
> in place, but it doesn't look like that's an intended way of
> extended the class.
>
You should implement a custom SSL socket factory that creates a new
SSLContext for each new connection based on custom parameters passed to
the #createSocket(HttpParams) method. HTTP parameters can be set on
individual requests as appropriate.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org