On Thu, 2018-12-20 at 02:53 +0000, Rahul Joshi wrote:
> Hi,
> I'm using HttpClient to connect to a target server via a proxy
> server. Both the target host and the proxy host use TLS, but for TLS
> mutual authentication, each has different server and client
> certificate requirements.
> Is there a recommended or supported way to specify different
> KeyManagers and TrustManagers for connections to each of these
> hosts?
> In my case I'm using a tunneled and layered route, and a custom SSL
> context.
> One possibility I'm thinking is as follows:
> 1. specify a different scheme (e.g., proxy-https instead of https)
> for the proxy's HttpHost object, and
> 2. register the scheme (proxy-https) in the Registry object with a
> proxy specific ConnectionSocketFactory, created using an SSLContext
> which is initialized using proxy specific KeyManagers and
> TrustManagers. This is in addition to similarly registering the
> scheme https in the Registry with target specific
> ConnectionSocketFactory.
> However, it would be good to know a recommended or supported
> approach.
> Thanks,
> Rahul

One can exert full control over the process of Socket initialization using a custom LayeredConnectionSocketFactory and choose different SSLContext instances for different connections.

Please note, though, that HttpClient supports plain http proxy connections only; https proxy connections are not supported.

Oleg