[jira] Commented: (GERONIMO-3703) should allow custom SSL context for AsyncHttpClient

2007-12-13 Thread Rick McGuire (JIRA)

[ 
https://issues.apache.org/jira/browse/GERONIMO-3703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551451
 ] 

Rick McGuire commented on GERONIMO-3703:


I think using a default context is probably a good idea.  Most people don't 
know how to set up a default SSLContext, and I suspect for many uses, the 
current default would work just fine.  I suspect you're correct though, that 
attaching it to the HttpRequestMessage makes a lot of sense. 

 should allow custom SSL context for AsyncHttpClient
 ---

 Key: GERONIMO-3703
 URL: https://issues.apache.org/jira/browse/GERONIMO-3703
 Project: Geronimo
  Issue Type: Improvement
  Security Level: public(Regular issues) 
  Components: AsyncHttpClient
Affects Versions: 1.x
Reporter: Sangjin Lee
Priority: Critical
 Attachments: 3703.patch


 Currently the SSLContext that's used to do https cannot be configured or 
 customized.  One needs to be able to create and pass in custom SSLContext to 
 be able to use its own cert directory, keystore file, etc.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.



[jira] Commented: (GERONIMO-3703) should allow custom SSL context for AsyncHttpClient

2007-12-13 Thread Sangjin Lee (JIRA)

[ 
https://issues.apache.org/jira/browse/GERONIMO-3703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551589
 ] 

Sangjin Lee commented on GERONIMO-3703:
---

It should be OK, because sessions are reused for the specific host and port.  
The only case where it might get interesting is TLS where the same socket can 
be used both for http and https.  However, I think the SSL filter is then 
constructed with TLS and the underlying SSLSocketFactory and SSLEngine would be 
TLS aware.  So I suspect it would be OK.

We might need to develop unit tests around TLS to test it vigorously in general.




[jira] Commented: (GERONIMO-3703) should allow custom SSL context for AsyncHttpClient

2007-12-13 Thread Rick McGuire (JIRA)

[ 
https://issues.apache.org/jira/browse/GERONIMO-3703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551600
 ] 

Rick McGuire commented on GERONIMO-3703:


Good test to add.   Thanks!

Committed revision 604016.

 should allow custom SSL context for AsyncHttpClient
 ---

 Key: GERONIMO-3703
 URL: https://issues.apache.org/jira/browse/GERONIMO-3703
 Project: Geronimo
  Issue Type: Improvement
  Security Level: public(Regular issues) 
  Components: AsyncHttpClient
Affects Versions: 1.x
Reporter: Sangjin Lee
Priority: Critical
 Attachments: 3703.patch, test.patch


 Currently the SSLContext that's used to do https cannot be configured or 
 customized.  One needs to be able to create and pass in custom SSLContext to 
 be able to use its own cert directory, keystore file, etc.




[jira] Commented: (GERONIMO-3703) should allow custom SSL context for AsyncHttpClient

2007-12-12 Thread Rick McGuire (JIRA)

[ 
https://issues.apache.org/jira/browse/GERONIMO-3703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551154
 ] 

Rick McGuire commented on GERONIMO-3703:


Would making the createClientSSLContext() method protected rather than private 
be sufficient to provide this function?




[jira] Commented: (GERONIMO-3703) should allow custom SSL context for AsyncHttpClient

2007-12-12 Thread Sangjin Lee (JIRA)

[ 
https://issues.apache.org/jira/browse/GERONIMO-3703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551162
 ] 

Sangjin Lee commented on GERONIMO-3703:
---

One idea would be to allow callers to pass in SSLContext.  One thing to think 
about is whether we want to make it part of an AsyncHttpClient instance or pass 
in SSLContext as part of a sendRequest() call.

I think Jeff was talking about using a single instance of AsyncHttpClient for 
various different hosts, and I think it makes sense.  If we want to preserve 
that ability, then making SSLContext part of AsyncHttpClient (which it is 
today) may not be a good idea.  Maybe we should pass it in explicitly when we 
call sendRequest()?




[jira] Commented: (GERONIMO-3703) should allow custom SSL context for AsyncHttpClient

2007-12-12 Thread Sangjin Lee (JIRA)

[ 
https://issues.apache.org/jira/browse/GERONIMO-3703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551169
 ] 

Sangjin Lee commented on GERONIMO-3703:
---

One could add SSLContext to HttpRequestMessage as an optional field.  In 
FutureListener, we could check the protocol (if it is https), check to see if 
the SSL filter is already in the filter chain (to handle a situation where the 
session is being reused), and then check the SSLContext off of the 
HttpRequestMessage and use it.

The only interesting case is what you want to do if you need an SSLContext and 
the caller didn't set it on HttpRequestMessage.  Do you then throw a 
RuntimeException or do you use a default SSLContext (something like what's 
being used currently)?  I would think using a default context might not be a 
bad idea, but others might differ.



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
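
The per-request lookup described in the last comment above (check the protocol, check whether an SSL filter is already in the chain, take the SSLContext from the request, otherwise fall back to a default), as an added example that is not part of the thread or of the project's code. `Request`, `resolve` and `fromTrustStore` are hypothetical names, the fallback to the JDK's `SSLContext.getDefault()` is an assumption, and the trust store is a constructed empty sample.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PerRequestSslContext {
    // Hypothetical stand-in for HttpRequestMessage with an optional SSLContext field.
    record Request(String scheme, SSLContext sslContext) {}

    // Builds a context that trusts only the certificates in the caller's own store.
    static SSLContext fromTrustStore(Path file, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) {
            store.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    // Returns the context for a new SSL filter, or null when none must be added.
    static SSLContext resolve(Request request, boolean sslFilterInChain) throws Exception {
        if (!"https".equalsIgnoreCase(request.scheme())) return null; // plain http
        if (sslFilterInChain) return null; // reused session keeps its original context
        if (request.sslContext() != null) return request.sslContext();
        return SSLContext.getDefault(); // assumption: JDK default as the fallback
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty trust store written to a temp file.
        char[] password = "changeit".toCharArray();
        Path file = Files.createTempFile("sample-truststore", ".p12");
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(file)) { empty.store(out, password); }
        SSLContext custom = fromTrustStore(file, password);
        System.out.println(resolve(new Request("https", custom), false) == custom);
        System.out.println(resolve(new Request("https", null), false) == SSLContext.getDefault());
        System.out.println(resolve(new Request("https", custom), true) == null);
        System.out.println(resolve(new Request("http", custom), false) == null);
        Files.delete(file);
    }
}
```

Because a reused session already carries its filter, a different SSLContext supplied on a later request to the same host and port has no effect in this example. A real trust store would hold the CA certificates the caller wants to accept.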