On Wed, 17 Oct 2001 09:01:01 -0700, in soap you wrote: >[Sorry for the repost from yesterday, not sure if nobody knows the answer, or whether >it was simply not received.] > >I have a Java client (Apache SOAP 2.2) using JSSE 1.0.2 for HTTPS URLs to my web >service. The client is behind a proxy server (netscape?). The connection to the >proxy is always over port 80, even though my code is connecting to an HTTPS port 443 >URL. > >What I've found is that when I use an HTTP port 80 url to our service, it is able to >communicate okay, but that won't work for production where SSL is required. But when >I try to connect over HTTPS, the communications never takes place. (Mind you, this >works fine for HTTPS when there's no proxy server in the middle -- that is, the >client is able to communicate directly with SSL across the Internet when no proxy >exists -- and it can communicate through the proxy when using HTTP only by calling >the setProxy methods on SoapTransport) > >From the Apache source, I'm not sure, but is the communications from the client to >the proxy server encrypted with SSL already, or is that done in the clear with the >expectation that the proxy server will then initiate the SSL connection to my SOAP >server? What is the SOAP code doing when the URL says use HTTPS, but the proxy >configuration says to communicate over port 80 to the proxy server? > >It's a question of SSL tunneling versus HTTPS proxying... > >If it sends the data to the proxy server via SSL, how does the proxy server know >where to forward the request to since the HTTP headers contain the target URL and >they'd be encrypted. > >Thanks, >David
If you want to proxy SSL connections, then you need to use the CONNECT method to the proxy, this requires the proxy to support using CONNECT, and for the http client code to recognize that you're trying to proxy SSL, and to send the CONNECT command first. I don't know if there's any support for this in the Apache SOAP http stack. Cheers Simon www.pocketsoap.com
