Hi Jochen, I don't have 2 different SSL certificates. I have no idea what SNI is but that seems to be the only difference in the log from curl and httpclient5.
This is from curl: -------------------------------------------------------------------------------------------------------------------------------------- 2023-08-10 21:34:05,099 org.apache.tomcat.util.threads.LimitLatch [https-jsse-nio-0.0.0.0-8112-Acceptor] DEBUG: Counting up[https-jsse-nio-0.0.0.0-8112-Acceptor] latch=1 2023-08-10 21:34:05,101 org.apache.tomcat.util.net.SecureNioChannel [https-jsse-nio-0.0.0.0-8112-exec-2] DEBUG: *The SNI host name extracted for connection [java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 <http://127.0.0.1:8112> remote=/127.0.0.1:55478 <http://127.0.0.1:55478>]] was [localhost]* 2023-08-10 21:34:05,117 org.apache.tomcat.util.net.NioEndpoint [https-jsse-nio-0.0.0.0-8112-exec-2] DEBUG: Registered write interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@555bd3a4 :org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 remote=/127.0.0.1:55478]] 2023-08-10 21:34:05,117 org.apache.tomcat.util.net.NioEndpoint [https-jsse-nio-0.0.0.0-8112-exec-3] DEBUG: Registered write interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@555bd3a4 :org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 remote=/127.0.0.1:55478]] 2023-08-10 21:34:05,118 org.apache.tomcat.util.net.NioEndpoint [https-jsse-nio-0.0.0.0-8112-exec-4] DEBUG: Registered read interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@555bd3a4 :org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 remote=/127.0.0.1:55478]] 2023-08-10 21:34:05,119 org.apache.tomcat.util.net.NioEndpoint [https-jsse-nio-0.0.0.0-8112-exec-5] DEBUG: Registered write interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@555bd3a4 :org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 remote=/127.0.0.1:55478]] 2023-08-10 21:34:05,120 org.apache.tomcat.util.http.Parameters [https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Set query string encoding to UTF-8 2023-08-10 21:34:05,120 org.apache.tomcat.util.net.NioEndpoint [https-jsse-nio-0.0.0.0-8112-exec-6] DEBUG: Registered read interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@555bd3a4 :org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 remote=/127.0.0.1:55478]] 2023-08-10 21:34:05,120 org.apache.catalina.valves.RemoteIpValve [https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Incoming request /storefront/facade/auth with originalRemoteAddr [127.0.0.1], originalRemoteHost=[127.0.0.1], originalSecure=[true], originalScheme=[https], originalServerName=[localhost], originalServerPort=[8112] will be seen as newRemoteAddr=[127.0.0.1], newRemoteHost=[127.0.0.1], newSecure=[true], newScheme=[https], newServerName=[localhost], newServerPort=[8112] 2023-08-10 21:34:05,120 org.apache.catalina.authenticator.AuthenticatorBase [https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Security checking request GET /storefront/facade/auth 2023-08-10 21:34:05,120 org.apache.catalina.realm.RealmBase [https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: No applicable constraints defined 2023-08-10 21:34:05,120 org.apache.catalina.authenticator.AuthenticatorBase [https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Not subject to any constraint 2023-08-10 21:34:05,121 org.apache.tomcat.util.http.Parameters [https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Set encoding to UTF-8 2023-08-10 21:34:05,203 org.apache.tomcat.util.threads.LimitLatch [https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Counting down[https-jsse-nio-0.0.0.0-8112-exec-7] latch=1 2023-08-10 21:34:05,203 org.apache.tomcat.util.net.NioEndpoint [https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Calling [org.apache.tomcat.util.net.NioEndpoint@213543bc ].closeSocket([org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@555bd3a4 :org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 remote=/127.0.0.1:55478]]) 2023-08-10 21:34:12,172 org.apache.catalina.session.ManagerBase [Catalina-utility-1] DEBUG: Start expire sessions StandardManager at 1691692452172 sessioncount 0 2023-08-10 21:34:12,172 org.apache.catalina.session.ManagerBase [Catalina-utility-1] DEBUG: End expire sessions StandardManager processingTime 0 expired sessions: 0 --------------------------------------------------------------------------------------------------------------------------------------- this is from httpclient5: --------------------------------------------------------------------------------------------------------------------------------------- 2023-08-10 21:34:58,076 org.apache.tomcat.util.threads.LimitLatch [https-jsse-nio-0.0.0.0-8112-Acceptor] DEBUG: Counting up[https-jsse-nio-0.0.0.0-8112-Acceptor] latch=1 2023-08-10 21:34:58,080 org.apache.tomcat.util.net.SecureNioChannel [https-jsse-nio-0.0.0.0-8112-exec-9] DEBUG: *The SNI host name extracted for connection [java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 <http://127.0.0.1:8112> remote=/127.0.0.1:55754 <http://127.0.0.1:55754>]] was [null]* 2023-08-10 21:34:58,096 org.apache.tomcat.util.net.NioEndpoint [https-jsse-nio-0.0.0.0-8112-exec-9] DEBUG: Registered write interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@33a45cc7 :org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 remote=/127.0.0.1:55754]] 2023-08-10 21:34:58,097 org.apache.tomcat.util.net.NioEndpoint [https-jsse-nio-0.0.0.0-8112-exec-10] DEBUG: Registered write interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@33a45cc7 :org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 remote=/127.0.0.1:55754]] 2023-08-10 21:34:58,097 org.apache.tomcat.util.net.NioEndpoint [https-jsse-nio-0.0.0.0-8112-exec-1] DEBUG: Registered read interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@33a45cc7 :org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 remote=/127.0.0.1:55754]] 2023-08-10 21:34:58,098 org.apache.tomcat.util.net.NioEndpoint [https-jsse-nio-0.0.0.0-8112-exec-2] DEBUG: Registered read interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@33a45cc7 :org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 remote=/127.0.0.1:55754]] 2023-08-10 21:34:58,100 org.apache.tomcat.util.net.NioEndpoint [https-jsse-nio-0.0.0.0-8112-exec-3] DEBUG: Registered read interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@33a45cc7 :org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 remote=/127.0.0.1:55754]] 2023-08-10 21:34:58,100 org.apache.tomcat.util.net.NioEndpoint [https-jsse-nio-0.0.0.0-8112-exec-4] DEBUG: Registered read interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@33a45cc7 :org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 remote=/127.0.0.1:55754]] 2023-08-10 21:35:12,173 org.apache.catalina.session.ManagerBase [Catalina-utility-1] DEBUG: Start expire sessions StandardManager at 1691692512173 sessioncount 0 2023-08-10 21:35:12,173 org.apache.catalina.session.ManagerBase [Catalina-utility-1] DEBUG: End expire sessions StandardManager processingTime 0 expired sessions: 0 2023-08-10 21:35:58,156 org.apache.tomcat.util.threads.LimitLatch [https-jsse-nio-0.0.0.0-8112-exec-5] DEBUG: Counting down[https-jsse-nio-0.0.0.0-8112-exec-5] latch=1 2023-08-10 21:35:58,157 org.apache.tomcat.util.net.NioEndpoint [https-jsse-nio-0.0.0.0-8112-exec-5] DEBUG: Calling [org.apache.tomcat.util.net.NioEndpoint@213543bc ].closeSocket([org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@33a45cc7 :org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112 remote=/127.0.0.1:55754]]) --------------------------------------------------------------------------------------------------------------------------------------- На чт, 10.08.2023 г. в 22:54 ч. Jochen Wiedmann <jochen.wiedm...@gmail.com> написа: > Hi, Petar, > > looking through > > https://tomcat.apache.org/tomcat-9.0-doc/config/http.html > > I get the impression, that SNI is a server-side issue. So, the actual > problem may be on the server side, rather than the client side. To > begin with: Do you really need two different SSL certificates within > one Tomcat. (Because that is, what SNI appears to be about.) > > Jochen > > On Thu, Aug 10, 2023 at 9:41 PM Petar Tahchiev <paranoia...@gmail.com> > wrote: > > > > Hmm, > > > > I tried now setting the Host header: > > > > > > httpGet.setHeader("Host", "localhost"); > > > > > > yet tomcat still logs null for SNI > > > > На чт, 10.08.2023 г. в 22:21 ч. Jochen Wiedmann < > jochen.wiedm...@gmail.com> > > написа: > > > > > On Thu, Aug 10, 2023 at 9:14 PM Petar Tahchiev <paranoia...@gmail.com> > > > wrote: > > > > > > > I found this gist which tells how to provide a SNI: > > > > > > > > https://gist.github.com/jkuipers/e0b35c21c466a9b4d88a > > > > > > > > but it is for HttpClient4 and I am unable to migrate the code to > > > > HttpClient5. > > > > > > From looking at the gist, all that it does is to set the "Host" > > > header. Surely, that's possible using the httpclient5 API. > > > > > > Jochen > > > > > > > > > > > > -- > > > The woman was born in a full-blown thunderstorm. She probably told it > > > to be quiet. It probably did. (Robert Jordan, Winter's heart) > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > > > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > > > > > > > > > -- > > Regards, Petar! > > Karlovo, Bulgaria. > > --- > > Public PGP Key at: > > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x19658550C3110611 > > Key Fingerprint: A369 A7EE 61BC 93A3 CDFF 55A5 1965 8550 C311 0611 > > > > -- > The woman was born in a full-blown thunderstorm. She probably told it > to be quiet. It probably did. (Robert Jordan, Winter's heart) > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > -- Regards, Petar! Karlovo, Bulgaria. --- Public PGP Key at: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x19658550C3110611 Key Fingerprint: A369 A7EE 61BC 93A3 CDFF 55A5 1965 8550 C311 0611