[
https://issues.apache.org/jira/browse/CXF-9194?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andriy Redko resolved CXF-9194.
-------------------------------
Resolution: Fixed
> Support SNI in CXF client with Apache HttpComponents HttpClient
> ---------------------------------------------------------------
>
> Key: CXF-9194
> URL: https://issues.apache.org/jira/browse/CXF-9194
> Project: CXF
> Issue Type: Bug
> Components: Core, Transports
> Affects Versions: 4.1.4
> Reporter: Manish Tiwari
> Assignee: Andriy Redko
> Priority: Major
> Fix For: 4.1.5, 3.6.10, 4.0.11
>
>
> The capability to set SNI info in SSL is important to get the correct
> certificate from the server in case the server supports the SNI. Today the
> only way to use SNI in CXF client seems to be using SSLSocketFactory. We can
> set this in TlsClientParameters and we set the SNI in the socket when we
> receive the createSocket call.
>
> SNIHostName sniHostName = new SNIHostName(sniForServer);
> SSLParameters params = new SSLParameters();
> params.setServerNames(Collections.<SNIServerName> singletonList(sniHostName));
> sslSocket.setSSLParameters(sslParams);
>
> But if we set SSLSocketFactory then the CXF will use Java
> HttpURLConnection/HttpClient instead of the HttpComponents HttpClient. The
> SNI is already available in the HttpConduit via. HttpClientPoilicy#host
> property. Or a new field can be added in TlsClientParameters for the SNI.
> This SNI then can be set in the SSLEngine in the initializeSSLEngine method
> of the AsyncHTTPConduit as below.
>
> SNIHostName sniHostName = new SNIHostName(sni);
> SSLParameters params = new SSLParameters();
> params.setServerNames(Collections.<SNIServerName> singletonList(sniHostName));
> sslEngine.setSSLParameters(sslParams);
>
> Please add the SNI support with use of Async HTTP transport with CXF client.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
