On Sun, 2012-09-09 at 08:14 -0400, Daniel Kulp wrote: > On Sep 8, 2012, at 4:33 PM, Oleg Kalnichevski <[email protected]> wrote: > > I committed your patch with some minor tweaks. Please double-check. > > > > Cool. Thanks. I'll take a look on Monday. > > > The fundamental problem here is that SSL connections set up on a per > > request (or per client basis) when kept alive by the connection manager > > can be later leased to another client thread with a different security > > context if one is not careful. > > Actually, I'm struggling with the OPPOSITE problem with the Async client. > The Async client stores the X500Principal as the "state" for the connection > (which is great BTW). Thus, subsequent calls that don't provide a state > will never re-use the connection. I need to do a little work to store the > principal, but it all looks very doable. Hopefully will finish that up on > Monday. > >
Hi Daniel I think this problem can be easily fixed. If the expected X500Principal is known in advance, one can stick it into the local execution context as ClientContext#USER_TOKEN attribute [1]. This will force the client to request connections with the given state only. [1] http://hc.apache.org/httpcomponents-client-ga/tutorial/html/advanced.html#stateful_conn > > We can cut as many BETA releases as needed and as often as needed. There > > have been not that many changes since BETA2, so I would not rush BETA3, > > but I'll call for a release vote as soon as you need it. What I am not > > really comfortable committing myself to is any time frame for a GA > > release. > > That's fine. As long as there are "releases" in the central repo, we can at > least proceed. For performance reasons, the async transport likely won't be > a default, but it will be available to those that may need it. Definitely > don't push a beta3 yet (unless someone else really needs it) as I do want to > verify more tests with it, check how it will work in OSGi, etc... > All right. Let's hold it off for a little while. Once you are sure no more changes are needed let me know and I'll start the release process. Cheers Oleg
