Oleg, What I would mean was:
1. I send 8 https requests, then I have 8 connections in the pool. 2. I have a keep-alive of 20 seconds. Then, I wait 1 min. 3. After 1 min, all connections should be removed from the pool (due to my IdleConnectionHandler, that works fine) 4. Then, I shutdown tomcat. 5. Then, I expect no messages because there are no connections in pool. But I see exactly 8 messages like this: > > main, called close() > > main, called closeInternal(true) > > main, SEND TLSv1 ALERT: warning, description = close_notify main, > > WRITE: TLSv1 Alert, length = 18 main, called > > closeSocket(selfInitiated) 6. If I repeat the process sending 5 requests, then I see 5 messages. One per connection. That's why I though this was something related to Http pool, as if the connections were not expired. But if you say that you don't print these messages, then I am a bit lost (because tomcat guys also say that they don't print these messages, and me neither). Anyway, thanks, Joan. -----Mensaje original----- De: Oleg Kalnichevski [mailto:[email protected]] Enviado el: lunes, 2 de diciembre de 2013 16:12 Para: HttpClient User Discussion Asunto: Re: SSL connection On Mon, 2013-12-02 at 11:16 +0100, Joan Balagueró wrote: > Oleg, > > I close the connection pool by using > "this.objHttp.getConnectionManager().shutdown();" > > About the expired connections, I have an "idleConnectionsHandler" that every > 5 seconds removes expired connections and those that take idle longer than 5 > seconds: > > private ClientConnectionManager cm; > (...) > this.cm.closeExpiredConnections(); > this.cm.closeIdleConnections(5, TimeUnit.SECONDS); > (...) > > That's why I though that the pool should be empty after 1 minute. > > Regards, > > Joan. > Nothing in the connection pool can survive a call to #shutdown(). Can it be that you have some other processes connected to the same Tomcat instance? Oleg > > -----Mensaje original----- > De: Oleg Kalnichevski [mailto:[email protected]] Enviado el: lunes, 2 > de diciembre de 2013 10:36 > Para: HttpClient User Discussion > Asunto: Re: SSL connection > > On Sat, 2013-11-30 at 23:52 +0100, Joan Balagueró wrote: > > Hello Oleg, > > > > Thanks for you help. Everything works fine now. > > > > Just one more question: when I shutdown Tomcat, I see this message in > > catalina.out (ssl debug enabled): > > > > main, called close() > > main, called closeInternal(true) > > main, SEND TLSv1 ALERT: warning, description = close_notify main, > > WRITE: TLSv1 Alert, length = 18 main, called > > closeSocket(selfInitiated) > > > > > > If I send 8 https requests, this message appears 8 times when shutting down > > tomcat. It seems that HttpClient is closing the http connection pool (in > > fact, our app closes it). But I have a keep-alive of 20 seconds, and I'm > > waiting more than 1 minute (from the last request sent) before shutting > > down tomcat (so I understand that all connections should be expired and > > removed from the pool). > > > > I suppose I'm missing something. Could you clarify me this point, please? > > > > Thanks, > > > > Joan. > > > > Joan > > I do not know SSL protocol that intimately, but it looks like this message > basically means that the server had to initiate connection shutdown and > notify the client. I do not think there is anything wrong with that. > > Please note that expired connections in the client connection pool do not get > evicted automatically if the pool is inactive. One needs to explicitly call > #closeExpired to make it happen. > > How exactly do you close the connection pool on the client side? > > Oleg > > > > > -----Mensaje original----- > > De: Oleg Kalnichevski [mailto:[email protected]] Enviado el: > > jueves, 28 de noviembre de 2013 22:12 > > Para: HttpClient User Discussion > > Asunto: Re: SSL connection > > > > On Thu, 2013-11-28 at 20:11 +0100, Joan Balagueró wrote: > > > Hello Oleg, > > > > > > Thanks. I've been seeing some HttpClient samples. Some of them set the > > > trustStore/keyStore directly to the SSLSocketFactory. > > > > SSLSocketFactory constructors internally create an SSLContext instance and > > initialize it with the trust / key material passed as parameters. > > > > > And others create an SSLContext with them and then set this SSLContext > > > to the SSLSocketFactory. Any advantage from one respect to the other? > > > > > > > No, not really. Simply a matter of convenience. > > > > > Furthermore, when using SSLContext we need to create an instance using > > > the secure socket protocol. Is there any way to accept all secure > > > protocols? > > > > > > > I am not sure what you mean by that. Exactly wha > > > > > Thanks, > > > > > > Joan. > > > > > > -----Mensaje original----- > > > De: Oleg Kalnichevski [mailto:[email protected]] Enviado el: > > > jueves, > > > 28 de noviembre de 2013 10:24 > > > Para: HttpClient User Discussion > > > Asunto: Re: SSL connection > > > > > > On Wed, 2013-11-27 at 19:24 +0100, Joan Balagueró wrote: > > > > Hello, > > > > > > > > > > > > > > > > I have an application (servlet running on tomcat) that must send > > > > a https request to a server that requires client authentication. > > > > > > > > > > > > > > > > Tomcat has correctly installed the truststore and keystore. But > > > > I understand that when our app sends the https request, I have > > > > to attach the client authentication required by the server. > > > > > > > > > > > > > > > > Can anyone address to any doc where I can see how to do this? > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > > > J. > > > > > > > > > > There is enough good material on SSL fundamentals on the web. Just google > > > it out. > > > > > > As far as HC APIs are concerned SSLContextBuilder should help you set up > > > the correct SSL context for your application. Most likely you will need > > > to load the private key and add it to the context using this method [1]. > > > > > > Oleg > > > > > > [1] > > > http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/apidoc > > > s/ > > > or > > > g/apache/http/conn/ssl/SSLContextBuilder.html#loadKeyMaterial%28ja > > > va > > > .s > > > ecurity.KeyStore,%20char[],%20org.apache.http.conn.ssl.PrivateKeyS > > > tr > > > at > > > egy%29 > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------ > > > -- > > > - To unsubscribe, e-mail: > > > [email protected] > > > For additional commands, e-mail: > > > [email protected] > > > > > > > > > > > > ------------------------------------------------------------------ > > > -- > > > - To unsubscribe, e-mail: > > > [email protected] > > > For additional commands, e-mail: > > > [email protected] > > > > > > > > > > > -------------------------------------------------------------------- > > - To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > > > -------------------------------------------------------------------- > > - To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
