Manish Tiwari created CXF-9194:
----------------------------------

             Summary: Support SNI in CXF client with Apache HttpComponents 
HttpClient
                 Key: CXF-9194
                 URL: https://issues.apache.org/jira/browse/CXF-9194
             Project: CXF
          Issue Type: Bug
          Components: Core, Transports
    Affects Versions: 4.1.4
            Reporter: Manish Tiwari


The capability to set SNI info in SSL is important to get the correct 
certificate from the server in case the server supports SNI. Today the only 
way to use SNI in a CXF client seems to be using SSLSocketFactory. We can set 
this in TlsClientParameters and we set the SNI in the socket when we receive 
the createSocket call.
 
// Build the SNI entry and apply it to the socket created in createSocket
SNIHostName sniHostName = new SNIHostName(sniForServer);
SSLParameters params = new SSLParameters();
params.setServerNames(Collections.<SNIServerName>singletonList(sniHostName));
sslSocket.setSSLParameters(params);
 
But if we set SSLSocketFactory then CXF will use the Java 
HttpURLConnection/HttpClient instead of the HttpComponents HttpClient. The SNI 
is already available in the HttpConduit via the HTTPClientPolicy#host property. 
Or a new field can be added in TlsClientParameters for the SNI. This SNI can 
then be set in the SSLEngine in the initializeSSLEngine method of the 
AsyncHTTPConduit as below.
 
// Same approach, applied to the SSLEngine used by the async conduit
SNIHostName sniHostName = new SNIHostName(sni);
SSLParameters params = new SSLParameters();
params.setServerNames(Collections.<SNIServerName>singletonList(sniHostName));
sslEngine.setSSLParameters(params);
 
Please add SNI support for use of the Async HTTP transport with the CXF client.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
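
The SSLEngine approach requested above, as an added stand-alone JSSE example that is not CXF code and not part of the original message. The helper name applySni and the host names are assumptions; it starts from the engine's current SSLParameters so that settings already configured on the engine, such as the endpoint identification algorithm, are carried over when the SNI is set.

```java
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class SniEngineExample {

    // Hypothetical helper (not a CXF API): sets the SNI on a client-mode engine.
    static void applySni(SSLEngine engine, String sni) {
        // Read the engine's current parameters instead of creating a blank
        // SSLParameters, so existing settings are kept when we write them back.
        SSLParameters params = engine.getSSLParameters();
        // SNIHostName throws IllegalArgumentException for an empty name, a name
        // with a trailing dot, or one that is not a valid hostname, so an
        // invalid SNI value fails here rather than during the handshake.
        SNIHostName name = new SNIHostName(sni);
        params.setServerNames(Collections.<SNIServerName>singletonList(name));
        engine.setSSLParameters(params);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Constructed sample values: the address we connect to and the
        // server name we want the server to select its certificate for.
        SSLEngine engine = ctx.createSSLEngine("gateway.example.internal", 8443);
        engine.setUseClientMode(true);

        // Assumption: the transport has already enabled HTTPS-style hostname
        // verification on the engine before the SNI is applied.
        SSLParameters base = engine.getSSLParameters();
        base.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(base);

        applySni(engine, "service.example.com");

        SSLParameters effective = engine.getSSLParameters();
        for (SNIServerName n : effective.getServerNames()) {
            System.out.println("SNI: " + ((SNIHostName) n).getAsciiName());
        }
        System.out.println("Endpoint identification: "
                + effective.getEndpointIdentificationAlgorithm());
    }
}
```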
