On Thu, Jan 05, 2006 at 01:51:24PM +0100, Kim B. Andersen wrote:
> Oleg,
>
> The ssl certification is self-signed, so I'm not interested in checking
> the certification. I use EasySSLProtocolSocketFactory (you probably know
> the code) :) , the only thing that I have changed is making an internal
> class (SecureManager) instead of using EasyX509TrustManager.
> SecureManager does nothing. I thought that I did need to log this and
> that it would be faster when doing nothing - maybe I was wrong. As you
> can see I'm a newbie when it comes to http communication, so I have
> taken most of it from the web.

Kim,

(1) Are you re-using the instance of HttpClient along with all the
connections it may hold open?

(2) Try turning off the stale connection check
http://jakarta.apache.org/commons/httpclient/performance.html#Stale%20connection%20check

(3) Try running your app with SSL debugging on to see if the SSL
handshake is indeed the culprit
http://www.onjava.com/pub/a/onjava/excerpt/java_security_ch1/?page=5

Hope this helps

Oleg

>
> import java.io.IOException;
> import java.net.InetAddress;
> import java.net.Socket;
> import java.net.UnknownHostException;
> import java.security.cert.X509Certificate;
>
> import org.apache.commons.httpclient.ConnectTimeoutException;
> import org.apache.commons.httpclient.HttpClientError;
> import org.apache.commons.httpclient.params.HttpConnectionParams;
> import org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory;
> import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
> import org.apache.commons.logging.Log;
> import org.apache.commons.logging.LogFactory;
>
> import javax.net.ssl.SSLContext;
> import javax.net.ssl.TrustManager;
> import javax.net.ssl.X509TrustManager;
>
> /**
>  * <p>
>  * EasySSLProtocolSocketFactory can be used to create SSL {@link Socket}s
>  * that accept self-signed certificates.
>  * </p>
>  * <p>
>  * This socket factory SHOULD NOT be used for productive systems
>  * due to security reasons, unless it is a conscious decision and
>  * you are perfectly aware of security implications of accepting
>  * self-signed certificates
>  * </p>
>  *
>  * <p>
>  * Example of using custom protocol socket factory for a specific host:
>  *     <pre>
>  *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
>  *
>  *     HttpClient client = new HttpClient();
>  *     client.getHostConfiguration().setHost("localhost", 443, easyhttps);
>  *     // use relative url only
>  *     GetMethod httpget = new GetMethod("/");
>  *     client.executeMethod(httpget);
>  *     </pre>
>  * </p>
>  * <p>
>  * Example of using custom protocol socket factory per default instead of the standard one:
>  *     <pre>
>  *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
>  *     Protocol.registerProtocol("https", easyhttps);
>  *
>  *     HttpClient client = new HttpClient();
>  *     GetMethod httpget = new GetMethod("https://localhost/");
>  *     client.executeMethod(httpget);
>  *     </pre>
>  * </p>
>  *
>  * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
>  *
>  * <p>
>  * DISCLAIMER: HttpClient developers DO NOT actively support this component.
>  * The component is provided as a reference material, which may be inappropriate
>  * for use without additional customization.
>  * </p>
>  */
>
> public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory {
>
>     /** Log object for this class. */
>     private static final Log LOG = LogFactory.getLog(EasySSLProtocolSocketFactory.class);
>
>     private SSLContext sslcontext = null;
>
>     /**
>      * Constructor for EasySSLProtocolSocketFactory.
>      */
>     public EasySSLProtocolSocketFactory() {
>         super();
>     }
>
>     private SSLContext createEasySSLContext() {
>         try {
>             SSLContext context = SSLContext.getInstance("SSL");
>             context.init(null,
>                 new TrustManager[] {new EasySSLProtocolSocketFactory.SecureManager()},
>                 null);
>             return context;
>         } catch (Exception e) {
>             LOG.error(e.getMessage(), e);
>             throw new HttpClientError(e.toString());
>         }
>     }
>
>     private SSLContext getSSLContext() {
>         if (this.sslcontext == null) {
>             this.sslcontext = createEasySSLContext();
>         }
>         return this.sslcontext;
>     }
>
>     /**
>      * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
>      */
>     public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort)
>             throws IOException, UnknownHostException {
>         return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);
>     }
>
>     /**
>      * Attempts to get a new socket connection to the given host within the given time limit.
>      * <p>
>      * To circumvent the limitations of older JREs that do not support connect timeout a
>      * controller thread is executed. The controller thread attempts to create a new socket
>      * within the given limit of time. If socket constructor does not return until the
>      * timeout expires, the controller terminates and throws an {@link ConnectTimeoutException}
>      * </p>
>      *
>      * @param host the host name/IP
>      * @param port the port on the host
>      * @param clientHost the local host name/IP to bind the socket to
>      * @param clientPort the port on the local machine
>      * @param params {@link HttpConnectionParams Http connection parameters}
>      *
>      * @return Socket a new socket
>      *
>      * @throws IOException if an I/O error occurs while creating the socket
>      * @throws UnknownHostException if the IP address of the host cannot be
>      * determined
>      */
>     public Socket createSocket(final String host, final int port,
>             final InetAddress localAddress, final int localPort,
>             final HttpConnectionParams params)
>             throws IOException, UnknownHostException, ConnectTimeoutException {
>         if (params == null) {
>             throw new IllegalArgumentException("Parameters may not be null");
>         }
>         int timeout = params.getConnectionTimeout();
>         if (timeout == 0) {
>             return createSocket(host, port, localAddress, localPort);
>         } else {
>             // To be eventually deprecated when migrated to Java 1.4 or above
>             return ControllerThreadSocketFactory.createSocket(
>                 this, host, port, localAddress, localPort, timeout);
>         }
>     }
>
>     /**
>      * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
>      */
>     public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
>         return getSSLContext().getSocketFactory().createSocket(host, port);
>     }
>
>     /**
>      * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
>      */
>     public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
>             throws IOException, UnknownHostException {
>         return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
>     }
>
>     public boolean equals(Object obj) {
>         return ((obj != null) &&
>             obj.getClass().equals(EasySSLProtocolSocketFactory.class));
>     }
>
>     public int hashCode() {
>         return EasySSLProtocolSocketFactory.class.hashCode();
>     }
>
>     //Inner class
>     class SecureManager implements X509TrustManager {
>
>         public X509Certificate[] getAcceptedIssuers() { return null; }
>
>         public void checkClientTrusted(X509Certificate[] certs, String authType) {}
>
>         public void checkServerTrusted(X509Certificate[] certs, String authType) {}
>
>     }
> }
>
>
> -----Original message-----
> From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
> Sent: 5 January 2006 13:29
> To: [email protected]
> Subject: Re: SV: Slow to open connection after an hour or so
>
>
> On Thu, Jan 05, 2006 at 08:38:11AM +0100, Kim B. Andersen wrote:
> > Hi
> >
> > hope it's readable
> >
> > First hour
> >
> > 2006/01/03 14:46:49:926 CET [DEBUG] HttpConnection - Open connection to fastnetselvbetjening.tdconline.dk:443
> > 2006/01/03 14:46:50:038 CET [DEBUG] header - >> "GET /Krump/Alivetest.do?ws HTTP/1.1[\r][\n]"
> >
> > After the first hour
> >
> > 2006/01/04 07:58:50:230 CET [DEBUG] HttpConnection - Open connection to fastnetselvbetjening.tdconline.dk:443
> > 2006/01/04 07:58:59:230 CET [DEBUG] header - >> "GET /Krump/Alivetest/alivetester1.html HTTP/1.1[\r][\n]"
> >
>
> Kim,
>
> Apparently the 9sec delay is caused by the SSL related stuff. Most
> likely for some reason the SSL handshake takes some time. How do you
> configure the SSL context on the client side?
>
> Oleg
>
> >
> > Kim Andersen
> > -----Original message-----
> > From: Ortwin Glück [mailto:[EMAIL PROTECTED]
> > Sent: 4 January 2006 17:19
> > To: HttpClient Project
> > Subject: Re: Slow to open connection after an hour or so
> >
> >
> > My ideas:
> > * Anything in the logs?
> > * Is there a chance that you are exhausting the connection pool by never
> >   returning your connections? New connection requests would then block
> >   until one gets available
> > * Maybe attach a debugger / profiler or use jconsole
> >
> > Hell, it would be nice if HttpClient had some JMX beans to provide
> > information about pools etc. at runtime. I'll add that as a requirement
> > for 4.0.
> >
> > Odi
> >
> > Kim B. Andersen wrote:
> > > Hi
> > >
> > > I'm developing a program which grabs webpage every 5min and measure the
> > > time it takes. I have successfully used httpclient to get the pages and it
> > > works fine:). The problem is opening of connection in httpclient get
> > > very slow after an hour or so. The first hour opening a connection takes
> > > 50ms at max and after an hour it takes 10 seconds. Opening of connection
> > > gets fast if I restart the program. Any Ideas what the problem could
> > > be?
> > >
> > > I have tried the following/uses:
> > >
> > > jvm version: 1.5.0_6/1.4.2_05
> > > httpclient: 3.0 rc4/ 3.0 rc4
> > > I have tried both with proxy and out
> > > I have tried both MultiThreadedHttpConnectionManager and simple
> > >
> > > Hope you can help me
> > >
> > > /Kim Andersen
> > >
> >
> > --
> > [web] http://www.odi.ch/
> > [blog] http://www.odi.ch/weblog/
> > [pgp] key 0x81CF3416
> > finger print F2B1 B21F F056 D53E 5D79 A5AF 02BE 70F5 81CF 3416
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
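
The SecureManager quoted in this thread accepts any certificate a server presents. The following is an added example, not code from the thread or from HttpClient, of building an SSLContext that trusts only the one self-signed certificate exported from the server; the class name PinnedSelfSignedContext and the certificate file passed on the command line are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Added example (hypothetical class): trust exactly one exported server certificate. */
public class PinnedSelfSignedContext {

    /** Builds an SSLContext whose only trust anchor is the certificate read from certStream. */
    public static SSLContext create(InputStream certStream) throws Exception {
        // Parse the PEM- or DER-encoded certificate exported from the server.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate serverCert = (X509Certificate) cf.generateCertificate(certStream);

        // Empty in-memory key store with that certificate as its single trusted entry.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("pinned-server", serverCert);

        // Standard platform trust manager, limited to that one anchor: a server
        // presenting any other certificate fails the handshake.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the path of the exported certificate file.
        if (args.length != 1) {
            System.err.println("usage: java PinnedSelfSignedContext <server-cert-file>");
            return;
        }
        try (InputStream in = new FileInputStream(args[0])) {
            SSLContext context = create(in);
            System.out.println("Pinned SSLContext ready, protocol " + context.getProtocol());
        }
    }
}
```

A context built this way can stand in for the one returned by createEasySSLContext() in the quoted factory, since the createSocket methods only call getSocketFactory() on it.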
