atom feed17 messages in org.apache.hc.httpclient-usersRe: How to set proxy information in h...
FromSent OnAttachments
nitya vyasAug 29, 2007 10:44 am 
dh...@lexmark.comAug 29, 2007 12:57 pm 
nitya vyasAug 30, 2007 2:00 am 
Roland WeberAug 31, 2007 10:47 am 
Puneet LakhinaSep 5, 2007 11:46 am 
nitya vyasSep 12, 2007 4:55 am 
Tobias MeierSep 12, 2007 7:36 am 
nitya vyasSep 13, 2007 5:15 am 
Roland WeberSep 14, 2007 7:25 am 
nitya vyasSep 17, 2007 1:01 am 
nitya vyasSep 17, 2007 11:22 pm 
nitya vyasSep 18, 2007 10:49 pm 
Roland WeberSep 19, 2007 10:48 am 
nitya vyasSep 19, 2007 11:09 am 
Roland WeberSep 19, 2007 11:21 am 
nitya vyasSep 20, 2007 9:53 pm 
Roland WeberSep 21, 2007 11:26 pm 
Subject:Re: How to set proxy information in httpClient object from browser
From:Roland Weber (ossf@dubioso.net)
Date:Sep 21, 2007 11:26:43 pm
List:org.apache.hc.httpclient-users

Hello Nitya,

in the implementation they say that you need to write this...

Protocol stricthttps = new Protocol( "https", new StrictSSLProtocolSocketFactory(true), 443); HttpClient client = new HttpClient(); client.getHostConfiguration().setHost("hostname", 443, stricthttps);

Now this Factory implementation stops the man in the middle attack... by verifying the hostName... TRUE passed in its constructor..

But doesnt it mean that it should also call this classes' createSocket() method??? because that method has the method verifyHostName() which should be called so that hostname is verified???

When SSL connections are tunnelled through a proxy, there is first a plain HTTP connection to the proxy. That's what you've made to work now. Subsequently, a tunnel to the target is established, and the SSL connection with protocol "https" is layered on top of that. You don't have to verify a hostname for the connection to the proxy.

By implementing the above code I see that the createSocket() method of StrictSSLProtocolSocketFactory class doesnt get called.. why is that??? or i m missing something here????

Have a look at HttpConnection.tunnelCreated, that's where the SSL connection is layered on top of the tunnel.

If you have specific SSL questions, you should also consider posting them to the nyc-ssl mailing list: http://www.juliusdavies.ca/commons-ssl/

hope that helps, Roland