On Tue, 2013-06-04 at 17:09 +0100, Dave Roberts wrote: > Short version:- > I'm trying to work out how to connect to multiple servers at the > same time but with potentially different SSL requirements for those > servers. E.g. use different client auth certs, which might be signed > by the same CA. > > I've looked at and used the PoolingClientConnectionManager along > with the SchemeRegistry. However it seems that only one socket > factory can be set for any given Scheme. > > Any advice on the best way to achieve this? > > What (I think) I'd really like is to have an optional socket factory > per target host, in addition to the default for the scheme. > > > More info: > I've tried adding Schemes with a unique name, which works OK until > the server sends a redirect. I'd have to start intercepting these > and re-writing the URL each time. > > I could sub-class PoolingClientConnectionManager and implement my > own ClientConnectionOperator as a sub-class of > DefaultClientConnectionOperator, and ensure that the right Scheme is > in place, but it doesn't look like that's an intended way of > extended the class. >
You should implement a custom SSL socket factory that creates a new SSLContext for each new connection based on custom parameters passed to the #createSocket(HttpParams) method. HTTP parameters can be set on individual requests as appropriate. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
