[
https://issues.apache.org/jira/browse/HTTPCLIENT-2165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17372841#comment-17372841
]
Jan Peter Stotz edited comment on HTTPCLIENT-2165 at 7/1/21, 2:53 PM:
----------------------------------------------------------------------
[~olegk] I don't use user tokens, and I am not familiar with how to use them in
httpclient. As I wrote all the authentication is handled by the SSLContext.
[~michael-o] I created some simple test code and it looks similar, connections
are not reused but the are also not kept open
was (Author: jbug):
[~olegk] I don't use user tokens, and I am not familiar with how to use them in
httpclient. As I wrote all the authentication is handled by the SSLContext.
[~michael-o] I created some simple test code
> TCP connections are never reused when server requires TLS cert auth
> -------------------------------------------------------------------
>
> Key: HTTPCLIENT-2165
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2165
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.13
> Environment: Windows, OpenJDK 11
> Reporter: Jan Peter Stotz
> Priority: Major
>
> While performing test with an non-public web server serving a REST service I
> noticed that Apapche commons httpclient does not reuse connections in case
> the server requires HTTPS authentication via client certificate.
> This is my code for initializing the ConnectionManager. The used sslContext
> is created using the appropriate trust- and keyStore and
> X509ExtendedKeyManager implementation.
> {{SSLConnectionSocketFactory factory = new
> SSLConnectionSocketFactory(sslContext, hostNameVerifier);}}
> {{Registry<ConnectionSocketFactory> socketFactoryRegistry =
> RegistryBuilder.<ConnectionSocketFactory> create().register("https",
> factory).build();}}
> {{connManager = new
> PoolingHttpClientConnectionManager(socketFactoryRegistry);}}
> {{connManager.setMaxTotal(1000);}}
> {{connManager.setDefaultMaxPerRoute(200);}}
> {{connManager.setValidateAfterInactivity(20000);}}{{SocketConfig socketConfig
> = SocketConfig.custom().setTcpNoDelay(true).setSoKeepAlive(true).build();}}
> {{connManager.setDefaultSocketConfig(socketConfig);}}
>
> {{The used server is an Undertow instance configured to require SSL client
> authentication: setSocketOption(Options.SSL_CLIENT_AUTH_MODE,
> SslClientAuthMode.REQUIRED)}}
>
> {{If I disable the client auth mode requirement httpclient just opens up one
> TCP connection to the server. If I enable https client authentication
> httpclient opens up to the configured route maximum (200) TCP connections to
> the server. I observed the same behavior using a different web server
> implementation.}}
> {{Enabling logging for PoolingHttpClientConnectionManager I can see that
> httpclient is using the full maximum of 200 connections per route if HTTPS
> client auth is required by the server (log after making ~1000 HTTP
> requests):}}
>
> {{No HTTPS client auth required by server:}}
> {{DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request:
> [route: \{s}->https://localhost:9003][total available: 1; route allocated: 1
> of 200; total allocated: 1 of 1000]}}
>
> {{HTTPS Client auth required by server:}}
> {{DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request:
> [route: \{s}->https://localhost:9003][total available: 200; route allocated:
> 200 of 200; total allocated: 200 of 1000]}}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
