You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Adalbert Wysocki <aw...@ariba.com> on 2006/08/04 16:24:42 UTC
RE: virtual protocol registration with customSSLProtocolSocketFactory ignored
Thanks Oleg! It helps but...
Do you recommend using a HostConfiguration configured with my particular
Protocol (and the socket factory) instead of registering the protocol
with Protocol.registerProtocol(...)?
Or
Using as parameter to the PostMethod a relative URI without any scheme
and starting from the first / ?
Is there a milestone to solve this issue?
Thanks,
Aldo
-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org]
Sent: Friday, August 04, 2006 7:32 PM
To: HttpClient User Discussion
Subject: Re: virtual protocol registration with
customSSLProtocolSocketFactory ignored
On Fri, 2006-08-04 at 19:16 +0530, Adalbert Wysocki wrote:
> Hi,
>
> Having an endless handshake going though the proxy with SSL and client
> certificate authentication I upgraded from HTTPClient 2.0.2 to 3.0.1.
>
> With 3.0.1 the handshake is working BUT the authentication of the
client
> by the server using the client certificate is not working anymore
> whereas it was before.
>
> Debugging it appears that the default SSLProtocolSocketFactory is used
> instead of the one I register. It was working fine with 2.0.2 and does
> not with 3.0.1.
>
> The protocolInUse variable in HttpConnection during the open() method
> has a wrong value...
>
> Registering my custom Factory with the "https" scheme protocol in
> addition or instead my custom "httpsin0" schema protocol is a
> workaround...
>
>
>
> Is it a known issue or did I missed something?
>
Aldo,
It is a known issue. Please make sure you are using relative URLs when
passing a custom HostConfiguration as a parameter to the
HttpClient#executeMethod method.
Hope this helps
Oleg
>
>
> Thanks for your help,
>
> Aldo
>
>
>
> -------------
>
>
>
> My AuthSSLProtocolSocketFactory creates the keystore, keymanagers and
> trustmanagers.
>
> My application registers a custom protocol with "httpsin0" schema.
>
>
>
> ProtocolSocketFactory socketFactory = new
AuthSSLProtocolSocketFactory(
>
> keyStoreURL, storePass, keyPass,
trustStoreURL,
>
> trustStorePass);
>
>
>
> Protocol authhttps = new Protocol("https", socketFactory,
> getPort());
>
> Protocol.registerProtocol('httpsin0", authhttps);
>
>
>
> ...
>
>
>
> HttpClient httpclient = new HttpClient();
>
> String url = "httpsin0://my.secure.server.url/zzzzzzzzzzzz"
>
>
>
> PostMethod httpPost = new PostMethod(url);
>
> InputStreamRequestEntity isRequestEntity = new
> InputStreamRequestEntity(requestMsg);
>
> httpPost.setRequestEntity(isRequestEntity);
>
>
>
> httpclient.executeMethod(httpPost);
>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: virtual protocol registration with
customSSLProtocolSocketFactory ignored
Posted by Olaf Sebelin <os...@bos-bremen.de>.
Oleg Kalnichevski <ol...@apache.org> schrieb am 11.06.2007 um 20:01:
[...]
> > I think, the problem is, that an individual Protocol hanlder is
> > overwritten by hostconfig.setHost(uri). So the Solution would be
> > just to use another setHost()-Method of hostConfig in case an
> > individual Protocol is used. Does this break compatibility?
> >
>
> Olaf,
>
> Have you tried running the test cases against the SVN trunk with the
> patch applied?
>
Yes, and it passes. So I opened an issue
(https://issues.apache.org/jira/browse/HTTPCLIENT-658) and attached a
patch.
Regards,
Olaf
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: virtual protocol registration with
customSSLProtocolSocketFactory ignored
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2007-06-11 at 19:07 +0200, Olaf Sebelin wrote:
> Hi,
>
>
> Oleg Kalnichevski <ol...@apache.org> schrieb am 04.08.2006 um 16:42:
>
> > On Fri, 2006-08-04 at 19:54 +0530, Adalbert Wysocki wrote:
> > > Thanks Oleg! It helps but...
> > >
> > > Do you recommend using a HostConfiguration configured with my
> > > particular Protocol (and the socket factory) instead of registering
> > > the protocol with Protocol.registerProtocol(...)?
> > >
> > > Or
> > >
> > > Using as parameter to the PostMethod a relative URI without any
> > > scheme and starting from the first / ?
> > >
> >
> > Aldo,
> > It very much depends upon your design consideration. If you want a
> > Protocol instance to apply globally, it should be registered using
> > Protocol#registerProtocol method. If, however, you want a Protocol
> > instance to apply to a specific host, then you should be using a
> > custom HostConfiguration parameter.
> >
> > > Is there a milestone to solve this issue?
> > > Thanks,
> > >
> >
> > This issue simply highlights deficiencies of the 3.x API. There's not
> > much that can be done about it without breaking the API compatibility.
> >
>
> Isn't it just a small patch (against 3.1-rc1) like this?
>
> +++ HttpClient.java 2007-06-11 18:53:52.000000000 +0200
> @@ -384,9 +384,14 @@ public class HttpClient {
> if (hostconfig == defaulthostconfig || uri.isAbsoluteURI()) {
> // make a deep copy of the host defaults
> hostconfig = (HostConfiguration) hostconfig.clone();
> if (uri.isAbsoluteURI()) {
> - hostconfig.setHost(uri);
> + if (hostconfig.getProtocol()!=null &&
> + hostconfig.getProtocol().getScheme().equals(uri.getScheme())) {
> + hostconfig.setHost(uri.getHost(), uri.getPort(), hostconfig.getProtocol());
> + } else {
> + hostconfig.setHost(uri);
> + }
> }
> }
>
> HttpMethodDirector methodDirector = new HttpMethodDirector(
>
>
> I think, the problem is, that an individual Protocol hanlder is
> overwritten by hostconfig.setHost(uri). So the Solution would be just
> to use another setHost()-Method of hostConfig in case an individual
> Protocol is used. Does this break compatibility?
>
Olaf,
Have you tried running the test cases against the SVN trunk with the
patch applied?
Oleg
>
> Regards,
> Olaf
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: virtual protocol registration with
customSSLProtocolSocketFactory ignored
Posted by Olaf Sebelin <os...@bos-bremen.de>.
Hi,
Oleg Kalnichevski <ol...@apache.org> schrieb am 04.08.2006 um 16:42:
> On Fri, 2006-08-04 at 19:54 +0530, Adalbert Wysocki wrote:
> > Thanks Oleg! It helps but...
> >
> > Do you recommend using a HostConfiguration configured with my
> > particular Protocol (and the socket factory) instead of registering
> > the protocol with Protocol.registerProtocol(...)?
> >
> > Or
> >
> > Using as parameter to the PostMethod a relative URI without any
> > scheme and starting from the first / ?
> >
>
> Aldo,
> It very much depends upon your design consideration. If you want a
> Protocol instance to apply globally, it should be registered using
> Protocol#registerProtocol method. If, however, you want a Protocol
> instance to apply to a specific host, then you should be using a
> custom HostConfiguration parameter.
>
> > Is there a milestone to solve this issue?
> > Thanks,
> >
>
> This issue simply highlights deficiencies of the 3.x API. There's not
> much that can be done about it without breaking the API compatibility.
>
Isn't it just a small patch (against 3.1-rc1) like this?
+++ HttpClient.java 2007-06-11 18:53:52.000000000 +0200
@@ -384,9 +384,14 @@ public class HttpClient {
if (hostconfig == defaulthostconfig || uri.isAbsoluteURI()) {
// make a deep copy of the host defaults
hostconfig = (HostConfiguration) hostconfig.clone();
if (uri.isAbsoluteURI()) {
- hostconfig.setHost(uri);
+ if (hostconfig.getProtocol()!=null &&
+ hostconfig.getProtocol().getScheme().equals(uri.getScheme())) {
+ hostconfig.setHost(uri.getHost(), uri.getPort(), hostconfig.getProtocol());
+ } else {
+ hostconfig.setHost(uri);
+ }
}
}
HttpMethodDirector methodDirector = new HttpMethodDirector(
I think, the problem is, that an individual Protocol hanlder is
overwritten by hostconfig.setHost(uri). So the Solution would be just
to use another setHost()-Method of hostConfig in case an individual
Protocol is used. Does this break compatibility?
Regards,
Olaf
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
RE: virtual protocol registration with
customSSLProtocolSocketFactory ignored
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2006-08-04 at 19:54 +0530, Adalbert Wysocki wrote:
> Thanks Oleg! It helps but...
>
> Do you recommend using a HostConfiguration configured with my particular
> Protocol (and the socket factory) instead of registering the protocol
> with Protocol.registerProtocol(...)?
>
> Or
>
> Using as parameter to the PostMethod a relative URI without any scheme
> and starting from the first / ?
>
Aldo,
It very much depends upon your design consideration. If you want a
Protocol instance to apply globally, it should be registered using
Protocol#registerProtocol method. If, however, you want a Protocol
instance to apply to a specific host, then you should be using a custom
HostConfiguration parameter.
> Is there a milestone to solve this issue?
> Thanks,
>
This issue simply highlights deficiencies of the 3.x API. There's not
much that can be done about it without breaking the API compatibility.
We are planning to address this issue in HttpClient 4.0, which will be
based on a completely new set of low level components [1]
Oleg
[1] http://jakarta.apache.org/httpcomponents/
> Aldo
>
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org]
> Sent: Friday, August 04, 2006 7:32 PM
> To: HttpClient User Discussion
> Subject: Re: virtual protocol registration with
> customSSLProtocolSocketFactory ignored
>
> On Fri, 2006-08-04 at 19:16 +0530, Adalbert Wysocki wrote:
> > Hi,
> >
> > Having an endless handshake going though the proxy with SSL and client
> > certificate authentication I upgraded from HTTPClient 2.0.2 to 3.0.1.
> >
> > With 3.0.1 the handshake is working BUT the authentication of the
> client
> > by the server using the client certificate is not working anymore
> > whereas it was before.
> >
> > Debugging it appears that the default SSLProtocolSocketFactory is used
> > instead of the one I register. It was working fine with 2.0.2 and does
> > not with 3.0.1.
> >
> > The protocolInUse variable in HttpConnection during the open() method
> > has a wrong value...
> >
> > Registering my custom Factory with the "https" scheme protocol in
> > addition or instead my custom "httpsin0" schema protocol is a
> > workaround...
> >
> >
> >
> > Is it a known issue or did I missed something?
> >
>
> Aldo,
> It is a known issue. Please make sure you are using relative URLs when
> passing a custom HostConfiguration as a parameter to the
> HttpClient#executeMethod method.
>
> Hope this helps
>
> Oleg
>
> >
> >
> > Thanks for your help,
> >
> > Aldo
> >
> >
> >
> > -------------
> >
> >
> >
> > My AuthSSLProtocolSocketFactory creates the keystore, keymanagers and
> > trustmanagers.
> >
> > My application registers a custom protocol with "httpsin0" schema.
> >
> >
> >
> > ProtocolSocketFactory socketFactory = new
> AuthSSLProtocolSocketFactory(
> >
> > keyStoreURL, storePass, keyPass,
> trustStoreURL,
> >
> > trustStorePass);
> >
> >
> >
> > Protocol authhttps = new Protocol("https", socketFactory,
> > getPort());
> >
> > Protocol.registerProtocol('httpsin0", authhttps);
> >
> >
> >
> > ...
> >
> >
> >
> > HttpClient httpclient = new HttpClient();
> >
> > String url = "httpsin0://my.secure.server.url/zzzzzzzzzzzz"
> >
> >
> >
> > PostMethod httpPost = new PostMethod(url);
> >
> > InputStreamRequestEntity isRequestEntity = new
> > InputStreamRequestEntity(requestMsg);
> >
> > httpPost.setRequestEntity(isRequestEntity);
> >
> >
> >
> > httpclient.executeMethod(httpPost);
> >
> >
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org