Jan Peter Stotz created HTTPCLIENT-2165:
-------------------------------------------
Summary: HTTPS connections are never reused when server requires
HTTPS client cert auth
Key: HTTPCLIENT-2165
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2165
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient (classic)
Affects Versions: 4.5.13
Environment: Windows, OpenJDK 11
Reporter: Jan Peter Stotz
While performing test with an non-public web server serving a REST service I
noticed that Apapche commons httpclient does not reuse connections in case the
server requires HTTPS authentication via client certificate.
This is my code for initializing the ConnectionManager. The used sslContext is
created using the appropriate trust- and keyStore and X509ExtendedKeyManager
implementation.
{{SSLConnectionSocketFactory factory = new
SSLConnectionSocketFactory(sslContext, hostNameVerifier);}}
{{Registry<ConnectionSocketFactory> socketFactoryRegistry =
RegistryBuilder.<ConnectionSocketFactory> create().register("https",
factory).build();}}
{{connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);}}
{{connManager.setMaxTotal(1000);}}
{{connManager.setDefaultMaxPerRoute(200);}}
{{connManager.setValidateAfterInactivity(20000);}}{{SocketConfig socketConfig =
SocketConfig.custom().setTcpNoDelay(true).setSoKeepAlive(true).build();}}
{{connManager.setDefaultSocketConfig(socketConfig);}}
{{The used server is an Undertow instance configured to require SSL client
authentication: setSocketOption(Options.SSL_CLIENT_AUTH_MODE,
SslClientAuthMode.REQUIRED)}}
{{If I disable the client auth mode requirement httpclient just opens up one
TCP connection to the server. If I enable https client authentication
httpclient opens up to the configured route maximum (200) TCP connections to
the server. I observed the same behavior using a different web server
implementation.}}
{{Enabling logging for PoolingHttpClientConnectionManager I can see that
httpclient is using the full maximum of 200 connections per route if HTTPS
client auth is required by the server (log after making ~1000 HTTP requests):}}
{{No HTTPS client auth required by server:}}
{{DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request:
[route: \{s}->https://localhost:9003][total available: 1; route allocated: 1 of
200; total allocated: 1 of 1000]}}
{{HTTPS Client auth required by server:}}
{{DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request:
[route: \{s}->https://localhost:9003][total available: 200; route allocated:
200 of 200; total allocated: 200 of 1000]}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
