[jira] [Commented] (HTTPCORE-396) PrivateKeyStrategy does not work with async (NIO) components

Wed, 18 Feb 2015 15:14:40 -0800 

    [ 
https://issues.apache.org/jira/browse/HTTPCORE-396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14326711#comment-14326711
 ] 

Chris Kistner commented on HTTPCORE-396:
----------------------------------------

Thank you Oleg!

Switching from httpcore 4.4 to the 4.4.1-SNAPSHOT version fixed the issue, or 
at least our unit tests showed that the Async client then provided its client 
certificate.
The only downside to the current fix in the 4.4 branch is that users won't be 
able to get any context from the SSL connection when it's an async client, but 
in our use case we do not need it.

I quite like the way you fixed it in the trunk, where SSLParameters are used 
instead of the Socket or SSLEngine.

> PrivateKeyStrategy does not work with async (NIO) components
> ------------------------------------------------------------
>
>                 Key: HTTPCORE-396
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-396
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>    Affects Versions: 4.4
>            Reporter: Chris Kistner
>            Priority: Minor
>              Labels: SSLContext, SSLEngine, X509ExtendedKeyManager
>             Fix For: 4.4.1, 5.0-alpha1
>
>         Attachments: ApacheAsyncPrivateKeyStrategy.java, 
> ApacheAsyncSSLContextBuilder.java
>
>
> I tried using httpclient-4.3.6's SSLContextBuilder to build a SSLContext, 
> which I then fed to my AsyncHttpClient connection pool. 
> It worked just fine for configuring the cipher suites, TLS/SSL protocols and 
> trust stores, however it did not work for the key managers.
> The reason being that it did not implement a key manager that extended 
> X509ExtendedKeyManager.
> As far as I saw the differences between the X509ExtendedKeyManager abstract 
> class and X509KeyManager interface are:
> * X509ExtendedKeyManager (for async [and sync]) takes in SSLEngine as 
> argument for its chooseEngineClientAlias method
> * X509KeyManager (for sync only) takes in Socket as argument for its 
> chooseServerAlias method
> For the while being, I've copied and adjusted the SSLContextBuilder and 
> PrivateKeyStrategy classes to suite my needs for a KeyManager implementation 
> when going async. See the attached files for my copy.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to