Re: HttpClient 4.5.2 and Server Name Indication
We just went through this exercise. We have our own socket factory implementation that, based on HTTPCLIENT-1119, uses the String host name when SSLSocketFactory.createSocket() is invoked (rather than using the InetAddress methods). This seemed to do the trick. On 3/2/16, 12:48 PM, "Sam Wilson"wrote: >On 3/2/16 3:41 PM, Oleg Kalnichevski wrote: >> On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote: >>> >>> Is there anything else I need to do to enable SNI? >>> >> >> No, there is not. Just make sure you are not using deprecated >> functionality. >> > >I'm sorry, are you saying that I am using deprecated functionality for >sure, or that I might be and should look for it. In either case, is >there something specific I should be looking for? > >Sam > >- >To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org >For additional commands, e-mail: httpclient-users-h...@hc.apache.org >
Re: HttpClient 4.5.2 and Server Name Indication
On Wed, 2016-03-02 at 16:19 -0500, Sam Wilson wrote: > On 3/2/16 3:56 PM, Philippe Mouawad wrote: > > See Oleg's commit few minutes on deprecated classes: > > http://svn.apache.org/viewvc?view=revision=1733362 > > So yes, my code hits that change. I take it I either grab the latest > HttpClient from svn, or change my software to avoid this path? > The latter should be preferred. Oleg - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: HttpClient 4.5.2 and Server Name Indication
On 3/2/16 3:56 PM, Philippe Mouawad wrote: See Oleg's commit few minutes on deprecated classes: http://svn.apache.org/viewvc?view=revision=1733362 So yes, my code hits that change. I take it I either grab the latest HttpClient from svn, or change my software to avoid this path? Thanks for the help guys! :) - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: HttpClient 4.5.2 and Server Name Indication
On 3/2/16 3:51 PM, Oleg Kalnichevski wrote: On Wed, 2016-03-02 at 15:48 -0500, Sam Wilson wrote: On 3/2/16 3:41 PM, Oleg Kalnichevski wrote: On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote: Is there anything else I need to do to enable SNI? No, there is not. Just make sure you are not using deprecated functionality. I'm sorry, are you saying that I am using deprecated functionality for sure, or that I might be and should look for it. In either case, is there something specific I should be looking for? It is merely a guess. Are you seeing any deprecation warnings related to HttpClient code when compiling your application? Unfortunately it is a legacy clojure application, so no, I don't see any warnings at all. - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: HttpClient 4.5.2 and Server Name Indication
Hi, Have a look at this: https://issues.apache.org/jira/browse/HTTPCLIENT-1119 You will see concerned classes, see: https://github.com/apache/httpclient/commit/92b7e8cd971868505d0f22ee5cfc12a68ee91b80#diff-4f1f0cfa92ca97f7ee68436780ce874c See Oleg's commit few minutes on deprecated classes: http://svn.apache.org/viewvc?view=revision=1733362 Regards On Wed, Mar 2, 2016 at 9:51 PM, Oleg Kalnichevskiwrote: > On Wed, 2016-03-02 at 15:48 -0500, Sam Wilson wrote: > > On 3/2/16 3:41 PM, Oleg Kalnichevski wrote: > > > On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote: > > >> > > >> Is there anything else I need to do to enable SNI? > > >> > > > > > > No, there is not. Just make sure you are not using deprecated > > > functionality. > > > > > > > I'm sorry, are you saying that I am using deprecated functionality for > > sure, or that I might be and should look for it. In either case, is > > there something specific I should be looking for? > > It is merely a guess. Are you seeing any deprecation warnings related to > HttpClient code when compiling your application? > > Oleg > > > - > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > -- Cordialement. Philippe Mouawad.
Re: HttpClient 4.5.2 and Server Name Indication
On 3/2/16 3:41 PM, Oleg Kalnichevski wrote: On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote: Is there anything else I need to do to enable SNI? No, there is not. Just make sure you are not using deprecated functionality. I'm sorry, are you saying that I am using deprecated functionality for sure, or that I might be and should look for it. In either case, is there something specific I should be looking for? Sam - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: HttpClient 4.5.2 and Server Name Indication
On Wed, 2016-03-02 at 15:48 -0500, Sam Wilson wrote: > On 3/2/16 3:41 PM, Oleg Kalnichevski wrote: > > On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote: > >> > >> Is there anything else I need to do to enable SNI? > >> > > > > No, there is not. Just make sure you are not using deprecated > > functionality. > > > > I'm sorry, are you saying that I am using deprecated functionality for > sure, or that I might be and should look for it. In either case, is > there something specific I should be looking for? It is merely a guess. Are you seeing any deprecation warnings related to HttpClient code when compiling your application? Oleg - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: HttpClient 4.5.2 and Server Name Indication
On Wed, 2016-03-02 at 12:37 -0500, Sam Wilson wrote: > Hey httpclient-users, > > I'm trying to get Server Name Indication working in an existing > application, but I'm having some serious trouble. > > The java version is 1.8.0_45. > > I've walked all the way through the HttpClient code to the > sun.security.ssl.SSLSocketImpl.connect call, and I see that HttpClient > is correctly passing the hostname through to the socket connect. > > The paramSocketAddress.toString() returns "www.example.com:443", where > example.com is replaced by the actual SNI host I'm using. > > When I enable -Djavax.net.debug=all, there is no server name extension > listed in the outgoing request. > > Is there anything else I need to do to enable SNI? > No, there is not. Just make sure you are not using deprecated functionality. Oleg - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org