Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpcomponents Wiki" for change notification.
The following page has been changed by OlegKalnichevski: http://wiki.apache.org/HttpComponents/HttpClientTutorial ------------------------------------------------------------------------------ == Socket factories == - HTTP connections make use of a java.net.Socket object internally to handle transmittion of data across the wire. They, however, rely on SocketFactory interface to create, initialize and connect sockets. This enables the users of HttpClient to provide application specific socket initialization code at runtime. PlainSocketFactory is the default factory for creating and initializing plain (unencrypted) sockets. + HTTP connections make use of a java.net.Socket object internally to handle transmission of data across the wire. They, however, rely on SocketFactory interface to create, initialize and connect sockets. This enables the users of HttpClient to provide application specific socket initialization code at runtime. PlainSocketFactory is the default factory for creating and initializing plain (unencrypted) sockets. The process of creating a socket and that of connecting it to a host are decoupled, so that the socket could be closed while being blocked in the connect operation. @@ -771, +771 @@ === Hostname verification === - Hostname verifier implementations. + In addition to the trust verification and the client authentication performed on the SSL/TLS protocol level, HttpClient can optionally verify whether the target hostname matches the names stored inside the server's X.509 certificate, once the connection has been established. This verification can provide additional guarantees of authenticity of the server trust material. X509HostnameVerifier interface represents a strategy for hostname verification. HttpClient ships with three X509HostnameVerifier. Important: hostname verification should not be confused with SSL trust verification. + + * '''StrictHostnameVerifier''': The strict hostname verifier works the same way as Sun Java 1.4, Sun Java 5, Sun Java 6. It's also pretty close to IE6. This implementation appears to be compliant with RFC 2818 for dealing with wildcards. The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. + * '''BrowserCompatHostnameVerifier''': The hostname verifier that works the same way as Curl and Firefox. The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. The only difference between BrowserCompatHostnameVerifier and StrictHostnameVerifier is that a wildcard (such as "*.foo.com") with BrowserCompatHostnameVerifier matches all subdomains, including "a.b.foo.com". + + * '''AllowAllHostnameVerifier''': This hostname verifier essentially turns hostname verification off. This implementation is a no-op, and never throws the SSLException. + + Per default HttpClient uses BrowserCompatHostnameVerifier implementation. One can specify a different hostname verifier implementation if desired + + {{{ + SSLSocketFactory sf = new SSLSocketFactory(SSLContext.getInstance("TLS")); + sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER); + }}} + == Protocol schemes == - Scheme class is used to represent a protocol scheme such as "http" or "https". + Scheme class represents a protocol scheme such as "http" or "https" and contains a number of protocol properties such as the default port and the socket factory to be used to creating Sockets for the given protocol. SchemeRegistry class is used to maintain a set of Schemes HttpClient can choose from when trying to establish a connection by a request URI: + + {{{ + Scheme http = new Scheme("http", PlainSocketFactory.getSocketFactory(), 80); + + SSLSocketFactory sf = new SSLSocketFactory(SSLContext.getInstance("TLS")); + sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER); + Scheme https = new Scheme("https", sf, 443); + + SchemeRegistry sr = new SchemeRegistry(); + sr.register(http); + sr.register(https); + }}} == HttpClient proxy configuration == --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
