We're using HttpClient for an Eclipse plugin. To support self-signed
certificates we also use EasySSLProtocolSocketFactory.
Hence, we modify the standard HttpClient HostConfiguration instance like so:
...
if (config.isAllowSelfSignedCertificates()) {
ProtocolSocketFactory factory = new EasySSLProtocolSocketFactory();
try {
URI uri = new URI(config.getBaseUrl());
int port = uri.getPort();
if (port == -1) {
port = 443;
}
Protocol easyHttps = new Protocol(uri.getScheme(), factory, port);
hostConfiguration.setHost(uri.getHost(), port, easyHttps);
} catch (URISyntaxException e) {
throw new IOException("could not parse URI " + config.getBaseUrl(), e);
}
}
...
While issuing requests agains an absolute URI, however, I got the dreaded
"javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target". This first left me puzzled as I
explicitly use EasySSLProtocolSocketFactory to get around this problem.
I found that the HttpClient has the following code in its executeMethod()
method:
...
if (hostconfig == defaulthostconfig || uri.isAbsoluteURI()) {
// make a deep copy of the host defaults
hostconfig = (HostConfiguration) hostconfig.clone();
if (uri.isAbsoluteURI()) {
hostconfig.setHost(uri);
}
}
...
So, my host config is cloned.
Since the so called deep copy isn't a proper deep copy the copy's protocol's
socket factory is no longer EasySSLProtocolSocketFactory but the standard
SSLProtocolSocketFactory instead!
Is this a known issue or am I misunderstanding something?
Cheers,
Marcel
--
Marcel Stör, http://www.frightanic.com
Couchsurfing: http://www.couchsurfing.com/people/marcelstoer
Skype: marcelstoer
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]