On Wed, 2012-04-04 at 17:01 -0400, Mark Claassen wrote: > We are still using HttpClient 4.01 and were considering upgrading to 4.1, but > I see a feature we were using is gone. In 4.01, there > was a DEFAULT_FACTORY which was the defined from > HttpsURLConnection.getDefaultSSLSocketFactory(); > > This was very useful to us. The reason for this was because our app is > launched by Java Webstart. When using the default socket > factory, we can benefit from Webstart handling the prompting for things like > host name verification. > > More importantly, however, was webstart's ability to interface with the > Window's keystore. We have a client that uses certificated > based authentication for their SSL connections. Using the default socket > factory makes everything just work. The users would get > prompted for a certificate and then they could activate it off their hardware > devices. (Presumably, then, the SSL encryption is > handled by the device. I have no idea how I would do this without webstart.) > > I guess I would like to know what is my best path to take to get this > working. Could I just subclass it and then override the > connectSocket() methods? I noticed that the javax SSLSocketFactory has > similar createSocket() methods... > > Thanks, > Mark >
Hi Mark I am sorry I could not respond sooner. Yes, indeed, I felt HttpClient should not have had a direct dependency on HttpsURLConnection class. You have two options: (1) create a custom SSL socket factory that makes use of HttpsURLConnection#getDefaultSSLSocketFactory() (2) Upgrade to 4.2 and use SSLSocketFactory#getSystemSocketFactory(). This method creates an instance of SSLSocketFactory class using standard JSSE system properties similar to HttpsURLConnection Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
