On Wed, 2013-02-13 at 10:12 +0000, [email protected] wrote:
> Hi everyone
>
> We are upgrading our commons-httpclient-3.0-rc4.jar to HttpClient4.2 in our
> Apps which are deployed on Websphere V7.
>
> We have a problem getting the right SSL-Configuration from the Websphere and
> I found out that this is because of the new way the SSLSocketFactory is being
> created in the HttpClient4.X
>
> In the old commons-httpclient-3.x we get the socketfactory in
> ReflectionSocketFactory.createSocket() (Oleg you did it :-))
> like this: javax.net.ssl.SSLSocketFactory.getDefault()
>
> This way we get in Websphere the right SSLSocketFactory:
> com.ibm.websphere.ssl.protocol.SSLSocketFactory
> (which is the default in java.security and uses WAS truststore and not java
> cacerts).
>
> With the new HttpClient4.2 this has changed, we get socketfactory from
> org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory()
> which returns in Websphere another SSLSocketFactory
> (com.ibm.jsse2.SSLSocketFactoryImpl)
>
> I can work around this in HttpClient4.X if I use the old way of getting the
> socketFactory:
>
>     javax.net.ssl.SSLSocketFactory wasSslFactory =
>         (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
>     org.apache.http.conn.ssl.SSLSocketFactory socketFactory =
>         new org.apache.http.conn.ssl.SSLSocketFactory(wasSslFactory,
>             org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
>     org.apache.http.conn.scheme.Scheme sch =
>         new org.apache.http.conn.scheme.Scheme("https", 443, socketFactory);
>     SchemeRegistry schemeRegistry = new SchemeRegistry();
>     schemeRegistry.register(sch);
>
> but I don't understand why the way of getting socketFactory in HttpClient4.X
> has changed, are there any reasons?
>
> Oleg, can you explain this please?
>
> Thank you
> Adrian

Adrian,

While in the WAS context javax.net.ssl.SSLSocketFactory#getDefault() might be the right thing to do, generally applications are expected to explicitly configure the SSL context they should be operating with. What you have is not a workaround but rather a correct (and recommended) approach to setting up SSL security with HttpClient.

What I could do, though, is to make HttpClient use javax.net.ssl.SSLSocketFactory#getDefault() by default in the 4.3 branch.

Hope this helps

Oleg
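
Added example, not part of the original thread and not the HttpClient project's own code: the two setups the reply distinguishes, written against the HttpClient 4.2 API, one reusing the container's default socket factory and one building an explicit SSLContext from a truststore file. It passes STRICT_HOSTNAME_VERIFIER rather than ALLOW_ALL_HOSTNAME_VERIFIER, which turns hostname checking off; the class and method names and the truststore path/password arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.PoolingClientConnectionManager;
public class ExplicitSslHttpClient { // hypothetical class name

    // Variant 1: reuse the JVM/container default factory, keep hostname checks on.
    static SSLSocketFactory fromJvmDefault() {
        javax.net.ssl.SSLSocketFactory jsse =
            (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
        return new SSLSocketFactory(jsse, SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
    }

    // Variant 2: explicit SSLContext; assumes the file is in the JVM's default keystore format.
    static SSLSocketFactory fromTrustStore(String path, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try {
            trustStore.load(in, password);
        } finally {
            in.close();
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate, default SecureRandom
        return new SSLSocketFactory(ctx, SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
    }

    // Only "https" is registered, so this client refuses plain-http URLs.
    static HttpClient newClient(SSLSocketFactory sslFactory) {
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", 443, sslFactory));
        return new DefaultHttpClient(new PoolingClientConnectionManager(registry));
    }

    public static void main(String[] args) throws Exception {
        HttpClient client = args.length == 2
            ? newClient(fromTrustStore(args[0], args[1].toCharArray()))
            : newClient(fromJvmDefault());
        System.out.println("HTTPS client ready: " + client.getClass().getName());
    }
}
```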
