On Mon, Feb 12, 2018 at 6:48 PM, Murat Cetin <mceti...@gmail.com> wrote:
> Hi,
>
> I am having issues with the keep-alive in HttpsUrlConnection in some legacy
> code and considering the HttpClient as an alternative.
>
> My question is, essentially, I have a URLCursor class definition as follows:
>
>    public URLCursor(String[] urls, ClientMetadata clientMetadata) {
>         this.urls = urls;
>         this.urlIdx = 0;
>         this.clientMetadata = clientMetadata;
>         // Custom trust manager to ignore certification
>         TrustManager[] customTrustManager = new TrustManager[]{
>             new X509TrustManager() {
>                 public X509Certificate[] getAcceptedIssuers() {
>                     return null;
>                 }
>                 public void checkClientTrusted(X509Certificate[]
> certs, String authType) {
>                 }
>                 public void checkServerTrusted(X509Certificate[]
> certs, String authType) {
>                 }
>             }
>         };
>         // Custom host verifier to accept all hosts.
>         HostnameVerifier allHostsValid = new HostnameVerifier() {
>             public boolean verify(String hostname, SSLSession session) {
>                 return true;
>             }
>         };
>
>         // Setup custom SSL trust manager that ignores SSL certificate
> validation =
>         try {
>             SSLContext sc = SSLContext.getInstance("SSL");
>             sc.init(null, customTrustManager, new 
> java.security.SecureRandom());
>             
> HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
>             HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
>         } catch (Exception e) {
>             System.err.println("Error: Failed to establish https with
> no cert verification");
>         }
>     }
>
> I have a subsequent next() method that essentially creates a new URL, opens
> a http connection using url.openConnection(), gets a BufferedReader from
> the input stream and then reads lines out of this stream
>
> How can I achieve the same using HttpClient, especially the constructor
> logic that ignores the certification?

Murat,

>From what I see, what you are doing is disabling hostname and SSL
certificate verification. You can achieve both using a
NoopHostnameVerifier and a TrustAllStrategy for certificates.

You can initialize your HttpClient something like:

SSLContext sslContext = SSLContexts.custom().loadTrustMaterial( new
TrustAllStrategy() ).build();
CloseableHttpClient httpClient =
HttpClients.custom().setSSLHostnameVerifier(
NoopHostnameVerifier.INSTANCE ).setSSLContext( sslContext ).build();

Depending on your use case, unless you are running requests across
multiple threads, you should be able to share the http client instance
created for all your requests.

Disclaimer: it is not a good idea to have any of those verifications
turned off in production.

Bindul

>
> thanks,
> Murat
>

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

Reply via email to