Throwing an SSLException was the right thing to do. Now, everything is working as expected.
Thanks a lot
Sachin

On Fri, May 31, 2013 at 4:59 AM, Oleg Kalnichevski <[email protected]> wrote:

> On Thu, 2013-05-30 at 15:07 -0400, Sachin Nikumbh wrote:
> > Hi Oleg,
> >
> > Thanks for your reply. I started digging through the Apache async client
> > code and have come up with a way to access the server certificate immediately
> > after the SSL handshake in the verify method of SSLSetupHandler. To achieve
> > this, I created my own MySSLLayeringStrategy class that
> > extends SSLLayeringStrategy as shown below:
> >
> > ********************************************************
> > class MySSLLayeringStrategy extends SSLLayeringStrategy {
> >
> >     private SSLContext sslContext;
> >
> >     public MySSLLayeringStrategy(SSLContext context) {
> >         super(context);
> >         this.sslContext = context;
> >     }
> >
> >     protected void initializeEngine(final SSLEngine engine) {
> >         super.initializeEngine(engine);
> >     }
> >
> >     protected void verifySession(final IOSession iosession,
> >             final SSLSession sslsession) throws SSLException {
> >         super.verifySession(iosession, sslsession);
> >     }
> >
> >     public SSLIOSession layer(final IOSession iosession) {
> >         SSLIOSession ssliosession = new SSLIOSession(iosession,
> >                 SSLMode.CLIENT, this.sslContext,
> >                 new MySSLSetupHandler());
> >         iosession.setAttribute(SSLIOSession.SESSION_KEY, ssliosession);
> >         return ssliosession;
> >     }
> >
> >     class MySSLSetupHandler implements SSLSetupHandler {
> >
> >         public void initalize(
> >                 final SSLEngine sslengine) throws SSLException {
> >             initializeEngine(sslengine);
> >         }
> >
> >         public void verify(
> >                 final IOSession iosession,
> >                 final SSLSession sslsession) throws SSLException {
> >
> >             verifySession(iosession, sslsession);
> >
> >             // Now that basic hostname verification is done, perform
> >             // extra authorization based on peer DN
> >             String peerDN = sslsession.getPeerPrincipal().getName();
> >             if ( !authorizedPeer(peerDN) ){
> >                 throw new RuntimeException("Authorization failed");
> >             }
> >         }
> >     }
> > }
> > ********************************************************
> >
> > Now, I am using MySSLLayeringStrategy to create AsyncScheme
> >
> > ********************************************************
> > AsyncScheme scheme = new AsyncScheme( "https", 443, new
> > MySSLLayeringStrategy(sslContext) );
> > ********************************************************
> >
> > This seems to be doing the job but the exception thrown in the verify
> > method causes the DefaultHttpAsyncClient instance to close abnormally as I
> > can see from the exception thrown:
> >
>
> Why are you throwing a RuntimeException exception for what is clearly an SSL
> issue?
>
> Oleg
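
The thread never shows `authorizedPeer` or the corrected throw, so the following is an added example, not code from either poster or from the HttpComponents project. It parses the peer DN with the JDK's `LdapName` instead of comparing strings and reports a failure as an `SSLException` subclass; the class name `PeerDnAuthorizer`, the method `checkDn` and the sample DNs are assumptions made for illustration (Java 9+, JDK classes only).

```java
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical helper: peer-DN authorization that fails with an SSLException.
public class PeerDnAuthorizer {
    // Parsed names, so comparison is RDN by RDN rather than textual.
    private final Set<LdapName> allowed;

    public PeerDnAuthorizer(Set<LdapName> allowed) {
        this.allowed = allowed;
    }

    // Intended to be called from SSLSetupHandler.verify(), after the hostname check.
    public void verify(SSLSession session) throws SSLException {
        // getPeerPrincipal() throws SSLPeerUnverifiedException if the peer has no identity.
        checkDn(session.getPeerPrincipal().getName());
    }

    void checkDn(String peerDn) throws SSLException {
        LdapName name;
        try {
            name = new LdapName(peerDn);
        } catch (InvalidNameException e) {
            throw new SSLPeerUnverifiedException("Unparseable peer DN: " + peerDn);
        }
        if (!allowed.contains(name)) {
            throw new SSLPeerUnverifiedException("Peer DN not authorized: " + peerDn);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample DNs, not taken from the thread.
        PeerDnAuthorizer authz = new PeerDnAuthorizer(
                Set.of(new LdapName("CN=api.example.test,O=Example,C=US")));
        authz.checkDn("cn=API.example.test,o=example,c=us"); // same RDNs, different case: accepted
        try {
            // The allowed CN text appears only inside an OU value; a substring match would pass it.
            authz.checkDn("CN=other.example.test,OU=CN\\=api.example.test,O=Example,C=US");
        } catch (SSLException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the failure is an `SSLException`, it leaves `verify` through the exception type that method already declares.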
