On Thu, 2015-04-09 at 10:41 -0400, Karl Wright wrote:
> Hi Oleg,
>
> I've been looking at the tickets for potential issues with SSL socket
> timeout values not being honored in some versions of HttpClient, and I must
> say I'm not clear where things stand.
>
> I have a ManifoldCF user who is seeing socket read timeouts when using
> SSL. The stack in that case involves the Solr client library (SolrJ). I
> am passing in an HttpClient instance that's already built:
>
> >>>>>>
> RequestConfig.Builder requestBuilder = RequestConfig.custom()
>   .setCircularRedirectsAllowed(true)
>   .setSocketTimeout(socketTimeout)
>   .setStaleConnectionCheckEnabled(true)
>   .setExpectContinueEnabled(true)
>   .setConnectTimeout(connectionTimeout)
>   .setConnectionRequestTimeout(socketTimeout);
>
> HttpClientBuilder clientBuilder = HttpClients.custom()
>   .setConnectionManager(connectionManager)
Karl,
If one explicitly assigns an already initialized connection manager
instance basically all connection manager parameters have no effect.
Please try setting default SocketConfig on connection manager directly.
Oleg
>   .setMaxConnTotal(1)
>   .disableAutomaticRetries()
>   .setDefaultRequestConfig(requestBuilder.build())
>   .setRedirectStrategy(new DefaultRedirectStrategy())
>   .setSSLSocketFactory(myFactory)
>   .setRequestExecutor(new HttpRequestExecutor(socketTimeout))
>   .setDefaultSocketConfig(SocketConfig.custom()
>     .setTcpNoDelay(true)
>     .setSoTimeout(socketTimeout)
>     .build()
>   );
>
>
> if (userID != null && userID.length() > 0 && password != null)
> {
>   CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
>   Credentials credentials = new UsernamePasswordCredentials(userID, password);
>   if (realm != null)
>     credentialsProvider.setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, realm), credentials);
>   else
>     credentialsProvider.setCredentials(AuthScope.ANY, credentials);
>
>   clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
> }
>
> HttpClient localClient = clientBuilder.build();
> <<<<<<
>
> It is remotely possible that SolrJ is modifying a parameter in the client,
> which I am aware would invalidate the builder-based configuration. So my
> question is simple: IF the HttpClient instance is *not* being configured in
> SolrJ, would you expect the socket timeout to be honored for SSL requests,
> on the current codebase?
yes.
> Was there ever a time when that was not true? If
No.
> there's a buried default SSL socket timeout value that would be used if
> configuration was overridden by setting a parameter, what is that value?
>
SSL handshake as well as CONNECT message exchange use socket timeout set
by the connection manager. Request level settings apply only once a
connection has been fully established and routed.
Hope this helps.
Oleg
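The configuration Oleg recommends, as an added example that is not part of the original thread: the socket timeout, pool size and SSL socket factory are set on the connection manager itself, so they also bound the SSL handshake and CONNECT exchange. It uses the HttpClient 4.x builder API seen in Karl's code; the class name `TimeoutAwareClient`, the `build` helper and the timeout values are assumptions for illustration.

```java
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

// Hypothetical helper class, not ManifoldCF or SolrJ code.
public class TimeoutAwareClient {
  public static CloseableHttpClient build(SSLConnectionSocketFactory sslFactory,
                                          int connectTimeoutMs, int socketTimeoutMs) {
    // Socket factories belong to the connection manager: register them here
    // instead of calling HttpClientBuilder.setSSLSocketFactory().
    Registry<ConnectionSocketFactory> registry =
        RegistryBuilder.<ConnectionSocketFactory>create()
            .register("http", PlainConnectionSocketFactory.getSocketFactory())
            .register("https", sslFactory)
            .build();
    PoolingHttpClientConnectionManager cm =
        new PoolingHttpClientConnectionManager(registry);
    // This SO_TIMEOUT is the one in force during SSL handshake and CONNECT.
    cm.setDefaultSocketConfig(SocketConfig.custom()
        .setTcpNoDelay(true)
        .setSoTimeout(socketTimeoutMs)
        .build());
    cm.setMaxTotal(1); // takes the place of builder.setMaxConnTotal(1)
    // Request-level timeouts apply once the connection is established and routed.
    RequestConfig requestConfig = RequestConfig.custom()
        .setConnectTimeout(connectTimeoutMs)
        .setSocketTimeout(socketTimeoutMs)
        .setConnectionRequestTimeout(socketTimeoutMs)
        .build();
    return HttpClients.custom()
        .setConnectionManager(cm)
        .setDefaultRequestConfig(requestConfig)
        .disableAutomaticRetries()
        .build();
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample values: 10 s connect timeout, 30 s read timeout.
    try (CloseableHttpClient client =
             build(SSLConnectionSocketFactory.getSocketFactory(), 10_000, 30_000)) {
      System.out.println("client built: " + client);
    }
  }
}
```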