Synapse doesn't forward requests via proxyserver for a 'https' endpoint
-----------------------------------------------------------------------
Key: SYNAPSE-858
URL: https://issues.apache.org/jira/browse/SYNAPSE-858
Project: Synapse
Issue Type: Bug
Components: Core
Affects Versions: NIGHTLY
Reporter: Vijayaratha Vijayasingam
Priority: Critical
Fix For: FUTURE
Synapse doesn't work when we configure 'http' proxy to talk to 'https' endpoint
via a proxyserver.
At axis2.xml transport sender configuration,when we add following two
parameters[1], which are not picked by backend
[1] <parameter locked="false" name="http.proxyHost">10.100.1.162</parameter>
<parameter locked="false" name="http.proxyPort">443</parameter>
//https port number
<parameter name="HostnameVerifier">AllowAll</parameter>
This is because, @ HttpCoreNIOSender class, the condition is like,
if (sslContext == null) {
proxyHost =
proxyPort =
}
if we remove (sslContext==null) condition then both scenarios(http/https
sender) work fine..(But not sure how this will affect the system's security)
Configurations
--------------------
Proxy;
<proxy name="TestProxy" transports="http" startOnLoad="true" trace="disable">
<target>
<inSequence>
<send>
<endpoint>
<address
uri="https://localhost:9444/services/SimpleStockQuoteService"/>
</endpoint>
</send>
</inSequence>
<outSequence>
<send/>
</outSequence>
</target>
</proxy>
TransportSender
-----------------------
<transportSender name="http"
class="org.apache.synapse.transport.nhttp.HttpCoreNIOSender">
<parameter name="non-blocking" locked="false">true</parameter>
<parameter locked="false"
name="http.proxyHost">10.100.1.162</parameter>
<parameter locked="false" name="http.proxyPort">80</parameter>
</transportSender>
<transportSender name="https"
class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
<parameter name="non-blocking" locked="false">true</parameter>
<parameter name="keystore" locked="false">
<KeyStore>
<Location>repository/resources/security/wso2carbon.jks</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
<KeyPassword>wso2carbon</KeyPassword>
</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
<TrustStore>
<Location>repository/resources/security/client-truststore.jks</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
</TrustStore>
</parameter>
<parameter locked="false" name="http.proxyHost">10.100.1.162</parameter>
<parameter locked="false" name="http.proxyPort">443</parameter>
<parameter name="HostnameVerifier">AllowAll</parameter>
</transportSender>
f we remove (sslContext==null) condition then both scenarios(http/https sender)
work fine..But I'm not sure how this will affect other scenarios..
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
