On Thu, 2018-12-20 at 02:53 +0000, Rahul Joshi wrote:
> Hi,
> I'm using HttpClient to connect to a target server via a proxy
> server. Both the target host and the proxy host use TLS, but for TLS
> mutual authentication, each has different server and client
> certificate requirements.
> Is there a recommended or supported way to specify different
> KeyManagers and TrustManagers for connections to each of these
> hosts?
> In my case I'm using a tunneled and layered route, and a custom SSL
> context.
> One possibility I'm thinking is as follows:
> 1. specify a different scheme (e.g., proxy-https instead of https)
> for the proxy's HttpHost object, and 2. register the scheme (proxy-
> https) in the Registry object with a proxy specific
> ConnectionSocketFactory, created using an SSLContext which is
> initialized using proxy specific KeyManagers and TrustManagers. This
> is in addition to similarly registering the scheme https in the
> Registry with target specific ConnectionSocketFactory.
> However, it would be good to know a recommended or supported
> approach.
> Thanks,Rahul
One can exert full control over the process of Socket initialization
using a custom LayeredConnectionSocketFactory and choose different
SSLContext instances for different connections.
Please note though HttpClient supports plain http proxy connections
only, https proxy connections are not supported.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org
