On Tue, 2013-11-12 at 00:43 +0100, Sebastiano Vigna wrote: > On 11 Nov 2013, at 9:29 PM, Oleg Kalnichevski <[email protected]> wrote: > > > --- > > SSLContext sslcontext = SSLContexts.custom() > > .loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(); > > CloseableHttpClient client = HttpClients.custom() > > .setSslcontext(sslcontext) > > .build(); > > --- > > > I know this is not tecnically an HTTP Client question, but can SSLContext > objects be shared between HTTP clients? TrustSelfSignedStrategy is stateless, > so it can be shared, but it is really not clear from Java's documentation > whether the SSLContext object is stateless. >
I once spent a considerable amount of time trying to find out whether or not SSLContext instances are reentrant and thread safe. I did not manage to have found an explicit statement to that effect in Oracle documentation. Just looking at the Oracle's implementation of the class it appears that access to _some_ of its internals is synchronized. Moreover SSLContext instance is shared by all socket factories that it spawns (at least in recent Oracle's JREs) which again seems to suggest its code being reentrant and thread safe. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
