RE: Customizing SSL in HttpClient

Tue, 11 Jun 2013 03:13:23 -0700 

Anil
 
if you want JSSE Handshaking to be enabled on server enable AprLifecycle 
Listener on server.xml e.g.
  <Listener className="org.apache.catalina.core.AprLifecycleListener" 
SSLEngine="on" />

Any WebServer (including Tomcat) has no knowledge of external HTML Servers 
around it you should use netstat
>netstat -ab | grep 443

Tell us what you see
Martin 
______________________________________________ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.

Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez 
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est 
interdite. Ce message sert à l'information seulement et n'aura pas n'importe 
quel effet légalement obligatoire. Étant donné que les email peuvent facilement 
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité 
pour le contenu fourni.

 
> From: anigo...@cisco.com
> To: users@tomcat.apache.org
> Subject: RE: Customizing SSL in HttpClient
> Date: Tue, 11 Jun 2013 06:29:05 +0000
> 
> 
> 
> -----Original Message-----
> From: Anil Goyal -X (anigoyal - Aricent Technologies at Cisco) 
> Sent: Tuesday, June 11, 2013 11:23 AM
> To: Tomcat Users List
> Subject: RE: Customizing SSL in HttpClient
> 
> 
> 
> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Monday, June 10, 2013 7:51 PM
> To: Tomcat Users List
> Subject: Re: Customizing SSL in HttpClient
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Anil,
> 
> On 6/10/13 8:42 AM, Anil Goyal -X (anigoyal - Aricent Technologies at
> Cisco) wrote:
> > I am trying to create a http client and send a request to certain port 
> > of a server using below code:
> > 
> > HttpClient client = new HttpClient(); 
> > client.getHostConfiguration().setHost(address, portNumber, protocol);
> > 
> > Here portNumber that I am setting is 8444(https port of tomcat)
> > 
> > When I execute client.executemethod() and at the server side when I 
> > tried to retrieve request.getRequestURL(), I am getting the url with 
> > port 443 not 8444 which I set in client. Even request.getServerPort is 
> > giving 443 not 8444.
> 
> Is there any kind of port-forwarding or anything else going on?
> 
> > The things are working fine for 8081(http port of tomcat) i..e 
> > HttpClient client = new HttpClient(); 
> > client.getHostConfiguration().setHost(address, portNumber, protocol);
> > 
> > Here portNumber that I am setting is 8081(https port of tomcat)
> > 
> > When I execute client.executemethod() and at the server side when I 
> > tried to retrieve request.getRequestURL(), I am getting the url with 
> > port 8081 which I set in client. Even request.getServerPort is giving 
> > 8081.
> 
> Can you show us a bit more of the code? It's not clear from you client code 
> that the port number is set correctly, and you only mentioned the server. Can 
> you give us some of that, too? Also, what do your <Connector> elements look 
> like in server.xml?
> 
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iQIcBAEBCAAGBQJRteC5AAoJEBzwKT+lPKRY8TUP/3QuIqKPxB5HjVaUywkPmIQt
> +LoZLdHhOLdrkwE2ojW1qk0YnX2wpgr6W3W6uBk5l5yrrdcHAFcOWcNIi9fjl8bo
> xW8uZi+vGkyv1Pdii5JJrfDjbxdtbsTpHBn7yoKMUzJ9V9xmHwqNsi89xi/mZLty
> hj6LNMvftgpQQdPmoPoLJr4ZfmQj2DAI+wX0u/fNgk8cf5wdHJZZu03COPIeRbam
> Gn+fOjfK0YL93ntmLP2PbGtlCprBaqPcZRh+AiKFhg4W7+qGVDXGa2SIvrcWbgdU
> qHRKxyJ+5j3o0Y74Q0wKRcSEUXbidEhDAtJCQgNOJJi+S4SYgl2OLOXhkxMABBkS
> xYIXsAPu4SoVcuiCpGvb2LhD5uqMOyH0NxCpv/TVFsEzOy2EZHLrts1DYNAyIo7M
> zqZv2efOTPwcaHRZxgzUB2s23uzs3aiXiKOzYHB7AALJnASCx4fNeOgZwMxdK6o0
> qs09m0EKL29QurG3iKXHCA0dOeZzxV4ZUduFZtR2eLIsayqoKpL6fh+asLZFW40y
> ZMOvPzlpXwdRX36IdzwTlwrvMOmynfgGfL/yAdCfqN0hlA0OVo7PYNryxSfZhX+2
> O1//zDFNSxs2BS9ErQkNyKP8xfVk76XbYUybsbNtivnxjv1a8N72h3qeuixA/ZUJ
> gJEvsTX0kD+rb8xYmIlJ
> =Qqhu
> -----END PGP SIGNATURE-----
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> Please consider the code flow as below:
> 
> HttpClient client = new HttpClient();
> portNumber = secure ? LocalNetworkConstants.DEFAULT_HTTPS_PORT : 
> LocalNetworkConstants.DEFAULT_HTTP_PORT; // DEFAULT_HTTPS_PORT=8444 and 
> DEFAULT_HTTP_PORT=8081 define in  LocalNetworkConstants.java  LOG.debug("the 
> value of https port is"+String.valueOf(portNumber)); if (secure) {
>         Protocol protocol = new 
> Protocol(LocalNetworkConstants.URISCHEME_HTTPS, new 
> ExtendedProtocolSocketFactory(address, 
> locationData.isAcceptSelfSignedCertificates(), 
> locationData.isAcceptCertificateErrors()) , portNumber);
>         client.getHostConfiguration().setHost(address, portNumber, protocol);
>          LOG.debug("setting the host for https"+String.valueOf(portNumber));
>     }
>     else {
>         client.getHostConfiguration().setHost(address, portNumber);
>         LOG.debug("setting the host for http"+String.valueOf(portNumber));
>     }
> 
> 
> GetMethod method = new GetMethod(LocalNetworkConstants.INFO_FEEDER_PATH);
> int returnCode = client.executeMethod(method);
> 
> This is the code at the client side.
> 
> At the server side, 
> 
> I have 8444 and 8081 port defined in server.xml
> 
> <Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" 
> disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8193" 
> maxSpareThreads="25" maxThreads="25" minSpareThreads="10" port="8081" 
> protocol="HTTP/1.1" redirectPort="8444" server=" "/>
>     <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" 
> ciphers=" " clientAuth="false" disableUploadTimeout="true" 
> enableLookups="false" keystoreFile="" keystorePass="" keystoreType="" 
> maxHttpHeaderSize="8192" maxSpareThreads="25" maxThreads="25" 
> minSpareThreads="10" port="8444" protocol="HTTP/1.1" scheme="https" 
> secure="true" server=" " sslProtocol="TLS"/>
> 
> Also I have these two ports entry in iptables.
> 
> Now in the tomcat redirection valve, I have below code written
> 
> int port = request.getServerPort();
> StringBuffer url = request.getRequestURL();
> 
> 
> So now the problem are is, when from client I disable ssl and send the 
> request at port 8081 then in tomcat valve, port -8081 and url also contains 
> port 8081.
> 
> But when from client , I enable ssl and send the request at port 8444, then 
> here in valve the request.getServerPort returns 443 and even in url also port 
> is 443.
> 
> So I am not able to understand why the https port is converting into 443 from 
> 8444 while http port 8081 is working fine.
> 
> Even in tomcat access valve, the request is coming at port 8444 as shown below
> [11/Jun/2013:11:16:58 +0530] 10.93.230.203 10.93.230.203 admin - 8444 GET 
> /feeder/info HTTP/1.1 500 2581 123
> 
> For http port also the request is coming at port 8081 of tomcat
> [11/Jun/2013:11:18:29 +0530] 10.93.230.203 10.93.230.203 admin - 8081 GET 
> /feeder/info HTTP/1.1 200 4377 286
> 
> But I am totally confused why request.getServerPort is giving 443 for https 
> ???
> 
> Thanks
> Anil
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> 
> When I replace request.getServerPort() with request.getLocalPort(), it is 
> giving me the port 8444.
> So things are working fine when I use request.getLocalPort().
> 
> So do you have any ideas why request.getServerPort is giving 443 and 
> request.getLocalPort is giving 8444 when I hit the url 
> https://ip-address:8444/context to tomcat.
> And request.getServerPort() is giving 8081 and request.getLocalPort is also 
> giving 8081 when in hit the url http://ip-address:8081/context to tomcat.??
> 
> Please suggest
> 
> Thanks
> Anil
> Т���������������������������������������������������������������������ХF�V�7V'67&�&R�R���âW6W'2�V�7V'67&�&TF��6B�6�R��&pФf�"FF�F����6����G2�R���âW6W'2ֆV�F��6B�6�R��&pР
t

Reply via email to