[
https://issues.apache.org/jira/browse/HTTPCLIENT-1522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14325814#comment-14325814
]
Ivan Shcheklein commented on HTTPCLIENT-1522:
---------------------------------------------
Oleg, thank you for your response. Do you mean something like this:
{code:java}
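import java.io.IOException;
import java.net.InetSocketAddress;
import javax.net.ssl.SSLProtocolException;
import org.apache.http.HttpHost;
import org.apache.http.config.Lookup;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.ManagedHttpClientConnection;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.impl.conn.DefaultHttpClientConnectionOperator;
import org.apache.http.protocol.HttpContext;

public class SniHttpClientConnectionOperator extends DefaultHttpClientConnectionOperator {

    public SniHttpClientConnectionOperator(Lookup<ConnectionSocketFactory> socketFactoryRegistry) {
        // Default SchemePortResolver and DnsResolver
        super(socketFactoryRegistry, null, null);
    }

    @Override
    public void connect(
            final ManagedHttpClientConnection conn,
            final HttpHost host,
            final InetSocketAddress localAddress,
            final int connectTimeout,
            final SocketConfig socketConfig,
            final HttpContext context) throws IOException {
        try {
            super.connect(conn, host, localAddress, connectTimeout, socketConfig, context);
        } catch (SSLProtocolException e) {
            // A missing attribute means SNI is enabled (the default)
            Boolean enableSniValue = (Boolean) context.getAttribute(SniSSLSocketFactory.ENABLE_SNI);
            boolean enableSni = enableSniValue == null || enableSniValue;
            if (enableSni && e.getMessage() != null &&
                    e.getMessage().equals("handshake alert: unrecognized_name")) {
                // TimesLoggers is an application-specific logger, not part of HttpClient
                TimesLoggers.httpworker.warn("Server received saw wrong SNI host, retrying without SNI");
                // Retry once with SNI switched off for this context
                context.setAttribute(SniSSLSocketFactory.ENABLE_SNI, false);
                super.connect(conn, host, localAddress, connectTimeout, socketConfig, context);
            } else {
                throw e;
            }
        }
    }
}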
{code}
and
{code:java}
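import java.io.IOException;
import java.net.Socket;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.protocol.HttpContext;

public class SniSSLSocketFactory extends SSLConnectionSocketFactory {

    // Context attribute read by both this factory and the connection operator
    public static final String ENABLE_SNI = "__enable_sni__";

    /*
     * Implement any constructor you need for your particular application -
     * SSLConnectionSocketFactory has many variants
     */
    public SniSSLSocketFactory(final SSLContext sslContext, final HostnameVerifier verifier) {
        super(sslContext, verifier);
    }

    @Override
    public Socket createLayeredSocket(
            final Socket socket,
            final String target,
            final int port,
            final HttpContext context) throws IOException {
        // A missing attribute means SNI is enabled (the default)
        Boolean enableSniValue = (Boolean) context.getAttribute(ENABLE_SNI);
        boolean enableSni = enableSniValue == null || enableSniValue;
        // With SNI disabled, an empty host name is handed to the superclass instead of the target
        return super.createLayeredSocket(socket, enableSni ? target : "", port, context);
    }
}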
{code}
and
{code:java}
cm = new PoolingHttpClientConnectionManager(
        new SniHttpClientConnectionOperator(socketFactoryRegistry),
        null, -1, TimeUnit.MILLISECONDS);
{code}
It works and it is much better. It has problems, though:
- it's far from obvious DefaultHttpClientConnectionOperator::connect is idempotent. I'm still not 100% sure that this code doesn't leak a socket in some cases.
- it's quite hard to come up with - override two classes, two different methods, pass additional info through context.
- have to use PoolingHttpClientConnectionManager ctr with default values (null, -1, etc)
- probably, it will be hard to maintain it
> SNI support
> -----------
>
> Key: HTTPCLIENT-1522
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1522
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.3.4
> Reporter: Igor
>
> Running HttpRequest to https://touchpoint.tealeaveshealth.com/consume
> causes an error
> {code}
> javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
> {code}
> to see how to fix, you can open
> *http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0*
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)