On Tue, 2016-06-07 at 15:45 +0200, Ivan Brencsics wrote: > Hi Oleg, > > Thanks for your answer, maybe I did not explain clearly our use case. We > need to call several external systems over HTTP, and every system has > different requirements. All need TLS, but some need client certificate, > others not, some of them needs a certain client certificate that differs > from others, some of them wants to exclude certain protocols and cipher > suites. My idea is that we need as many SSLConnectionFactiories as many > external systems. This is what I cant achieve now with a single HttpClient > / PoolingHttpClientConnectionManager. The PoolingHttpClientConnectionManager > can be given a single HTTPS connection factory, but I would need multiple > different factories I suspect. Am I wrong with this? >
No need for multiple factories. A single factory should be perfectly capable of setting different SSL contexts based on hostname / DNS / HttpContext attributes. Oleg > Ivan > > 2016-06-07 15:18 GMT+02:00 Oleg Kalnichevski <ol...@apache.org>: > > > On Tue, 2016-06-07 at 11:06 +0200, Ivan Brencsics wrote: > > > Hi, > > > > > > I have some trouble using SSL together > > > with PoolingHttpClientConnectionManager. > > > > > > I create an HttpClient by setting both the SSLContext and > > ConnectionManager > > > and the SSLContext is ignored. I read that others had the same problem > > and > > > solved it by adding a Socket Factory Registry to the Connection Manager. > > > However, I dont find this a good solution. I would like to create one and > > > only one connection pool for my application, and then provide it to all > > > HttpClient instances I create later on. > > > > What is the point doing so? You might as well have just one instance of > > HttpClient which is basically recommended anyway. > > > > > When I instantiate the connection > > > pool, I dont know exactly what connections I will create later with what > > > SSL parameters. Your solution assumes that when instantiating the > > > PoolingHttpClientConnectionManager, we are already aware of all the SSL > > > settings that we will ever use. This is very often not the case. > > > > > > Why are the SSL settings so tightly coupled to > > > PoolingHttpClientConnectionManager? > > > > Because the pool manager is responsible for keeping track of persistent > > connection state. > > > > > And do I understand correctly that if I > > > am using SSL, I should create separate PoolingHttpClientConnectionManager > > > instances towards the different remote servers? > > > > > > > No, you should not. > > > > Oleg > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
