On Sun, 2013-02-24 at 08:02 +0530, Sivasubramaniam Sivakumar wrote:
> Hi,
>
> I have an HTTPS proxy set up so that HTTP clients can send plain HTTP
> requests securely to the proxy. For example, a client can send an encrypted
> HTTP GET request to the proxy, which will remove the encryption and send
> the plain HTTP GET request to the end-site.
>
> I learned that this is not a common set up and only Google Chrome has
> in-built features to support such a scenario. (Info here -
> http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection).
> I have made Google Chrome work with my HTTPS proxy and hence there is no
> trouble on the proxy side.
>
> I wish to write an HTTP Client that will encrypt all requests to my HTTPS
> Proxy. I tried setting an HTTPS proxy to DefaultHttpClient this way -
>
> DefaultHttpClient dhc = new DefaultHttpClient();
> HttpHost proxy = new HttpHost("192.168.2.3", 8181, "https"); // NOTE: https
> dhc.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
>
> Then trying to execute any request gives me an SSLPeerUnverifiedException.
> I do not understand the reason why.
>
> During my exploration of the DefaultHttpClient API, I came across
> HttpRoutePlanner and HttpRoute with which we can specify whether the
> connection to proxies should be encrypted or not. However, I am unable to
> make this work.
>
> Here is a diagram that explains my setup by differentiating it with a HTTP
> Proxy setup -
>
> HTTP Proxy:
>
> HTTP Client <------- Plain Text GET, POST Requests -------> HTTP Proxy
> <------- Plain Text GET, POST Requests -------> HTTP End-Site
>
> HTTP Client <------- Plain Text CONNECT Requests -------> HTTP Proxy
> <------- Plain Text CONNECT Requests -------> HTTPS End-Site
>
> NOTE: For HTTPS End-Sites, only the CONNECT Request is seen by the proxy.
> Then an SSL Tunnel is established between the Client and End-Site
>
> HTTPS Proxy:
>
> HTTP Client <------- Encrypted GET, POST Requests -------> HTTPS Proxy
> <-------- Plain Text GET, POST Requests --------> HTTP End-Site
>
> HTTP Client <------- Encrypted CONNECT Requests -------> HTTPS Proxy
> <------- Plain Text CONNECT Requests -------> HTTPS End-Site
>
> NOTE: For HTTPS End-Sites, only the initial CONNECT Request should be
> encrypted to the proxy. The subsequent request will anyway be tunnelled.
>
> Can anybody please let me know how I can achieve this goal? I believe
> HttpRoutePlanner should help, but I don't know how. Thanks.
>
> Regards,
> Sivasubramaniam S.

Sivasubramaniam,

Apache HttpClient 4.x supports SSL via proxy only by connection tunneling. It does not support HTTPS proxies. For details see

https://issues.apache.org/jira/browse/HTTPCLIENT-1318

Oleg
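
The "HTTPS Proxy" leg of the diagram in the question (TLS between client and proxy, plain HTTP GET inside it), written against plain JSSE as an added example; it is not code from this thread or from Apache HttpClient. The class and method names are hypothetical, example.com is a placeholder target, and it assumes the proxy's certificate chains to the JVM's default trust store and names the address used to reach the proxy.

```java
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

// Hypothetical class name; illustrates a TLS-wrapped connection to a proxy.
public class TlsProxyGet {

    /** Builds a proxy-form request: absolute URI in the request line (RFC 7230, section 5.3.2). */
    static String buildProxyRequest(String targetHost, String path) {
        return "GET http://" + targetHost + path + " HTTP/1.1\r\n"
             + "Host: " + targetHost + "\r\n"
             + "Connection: close\r\n\r\n";
    }

    /** Opens TLS to the proxy, verifies its certificate, sends the GET, returns the status line. */
    static String fetchStatusLine(String proxyHost, int proxyPort,
                                  String targetHost, String path) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(proxyHost, proxyPort)) {
            // A raw SSLSocket validates the chain but not the certificate name
            // unless endpoint identification is switched on explicitly.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.setSoTimeout(10_000);
            socket.startHandshake(); // fails here if the chain or the name check fails

            // Everything written from here on is encrypted up to the proxy only.
            OutputStream out = socket.getOutputStream();
            out.write(buildProxyRequest(targetHost, path).getBytes(StandardCharsets.US_ASCII));
            out.flush();

            BufferedReader in = new BufferedReader(
                new InputStreamReader(socket.getInputStream(), StandardCharsets.ISO_8859_1));
            return in.readLine();
        }
    }

    public static void main(String[] args) throws IOException {
        // Proxy address and port are the ones given in the question; the target is a placeholder.
        System.out.println(fetchStatusLine("192.168.2.3", 8181, "example.com", "/"));
    }
}
```

If the proxy uses a private CA, point the JVM at a trust store containing that CA (for example with the javax.net.ssl.trustStore system property) rather than disabling verification.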
