Thanks for the reply. I think that addresses my questions. I will check out the 4.2 source code and see if that is what I had in mind.
Mark -----Original Message----- From: Oleg Kalnichevski [mailto:[email protected]] Sent: Monday, April 09, 2012 3:55 PM To: HttpClient User Discussion Subject: Re: Access to "system" SSL socket factory. On Wed, 2012-04-04 at 17:01 -0400, Mark Claassen wrote: > We are still using HttpClient 4.01 and were considering upgrading to > 4.1, but I see a feature we were using is gone. In 4.01, there was a > DEFAULT_FACTORY which was the defined from > HttpsURLConnection.getDefaultSSLSocketFactory(); > > This was very useful to us. The reason for this was because our app > is launched by Java Webstart. When using the default socket factory, we can > benefit from Webstart handling the prompting for things like host name > verification. > > More importantly, however, was webstart's ability to interface with > the Window's keystore. We have a client that uses certificated based > authentication for their SSL connections. Using the default socket > factory makes everything just work. The users would get prompted for > a certificate and then they could activate it off their hardware > devices. (Presumably, then, the SSL encryption is handled by the > device. I have no idea how I would do this without webstart.) > > I guess I would like to know what is my best path to take to get this > working. Could I just subclass it and then override the > connectSocket() methods? I noticed that the javax SSLSocketFactory has > similar createSocket() methods... > > Thanks, > Mark > Hi Mark I am sorry I could not respond sooner. Yes, indeed, I felt HttpClient should not have had a direct dependency on HttpsURLConnection class. You have two options: (1) create a custom SSL socket factory that makes use of HttpsURLConnection#getDefaultSSLSocketFactory() (2) Upgrade to 4.2 and use SSLSocketFactory#getSystemSocketFactory(). This method creates an instance of SSLSocketFactory class using standard JSSE system properties similar to HttpsURLConnection Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
