[jira] [Updated] (CXF-8667) Custom certificate alias not being used when using HC5 AsyncHTTPConduit

Tue, 01 Mar 2022 05:49:07 -0800 


     [ 
https://issues.apache.org/jira/browse/CXF-8667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bastien Bouclet updated CXF-8667:
---------------------------------
    Description: 
When using `org.apache.cxf.transport.http.asyncclient.hc5.AsyncHTTPConduit` and 
setting `TLSClientParameters.certAlias` so the HTTP client sends a specific 
client certificate from the keystore, the certificate alias is ignored.

>From what I've been able to debug, it seems `AsyncHTTPConduit` creates a 
>`RegistryBuilder<TlsStrategy>` with the proper SSL settings but never actually 
>registers them with the HTTP client:

https://github.com/apache/cxf/blob/1ecc24d817d4ef0cba4a4079a1c69abf33d1ad9b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduit.java#L528

  was:
When using `org.apache.cxf.transport.http.asyncclient.AsyncHTTPConduit` and 
setting `TLSClientParameters.certAlias` so the HTTP client sends a specific 
client certificate from the keystore, the certificate alias is ignored.

>From what I've been able to debug, it seems `AsyncHTTPConduit` sets the SSL 
>settings to be used in the http client context attribute 
>`http.iosession-factory-registry`:

[https://github.com/apache/cxf/blob/e758de3e60501bd33ca1b9ef3df685128d4a443a/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java#L564]

However, the http client is using the context attribute 
`http.ioSession-factory-registry` (note the different capitalisation) 
(org.apache.http.protocol.BasicHttpContext is case sensitive):

[https://github.com/apache/httpasyncclient/blob/0f491c178be95114122957aa60e64f347d965e73/httpasyncclient/src/main/java/org/apache/http/impl/nio/conn/PoolingNHttpClientConnectionManager.java#L100]

 


> Custom certificate alias not being used when using HC5 AsyncHTTPConduit
> -----------------------------------------------------------------------
>
>                 Key: CXF-8667
>                 URL: https://issues.apache.org/jira/browse/CXF-8667
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>    Affects Versions: 3.5.0
>            Reporter: Bastien Bouclet
>            Priority: Major
>
> When using `org.apache.cxf.transport.http.asyncclient.hc5.AsyncHTTPConduit` 
> and setting `TLSClientParameters.certAlias` so the HTTP client sends a 
> specific client certificate from the keystore, the certificate alias is 
> ignored.
> From what I've been able to debug, it seems `AsyncHTTPConduit` creates a 
> `RegistryBuilder<TlsStrategy>` with the proper SSL settings but never 
> actually registers them with the HTTP client:
> https://github.com/apache/cxf/blob/1ecc24d817d4ef0cba4a4079a1c69abf33d1ad9b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduit.java#L528



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to