On Tue, 2016-06-07 at 15:45 +0200, Ivan Brencsics wrote:
> Hi Oleg,
> 
> Thanks for your answer, maybe I did not explain clearly our use case. We
> need to call several external systems over HTTP, and every system has
> different requirements. All need TLS, but some need client certificate,
> others not, some of them needs a certain client certificate that differs
> from others, some of them wants to exclude certain protocols and cipher
> suites. My idea is that we need as many SSLConnectionFactiories as many
> external systems. This is what I cant achieve now with a single HttpClient
> / PoolingHttpClientConnectionManager. The PoolingHttpClientConnectionManager
> can be given a single HTTPS connection factory, but I would need multiple
> different factories I suspect. Am I wrong with this?
> 

No need for multiple factories. A single factory should be perfectly
capable of setting different SSL contexts based on hostname /  DNS /
HttpContext attributes.

Oleg 

> Ivan
> 
> 2016-06-07 15:18 GMT+02:00 Oleg Kalnichevski <ol...@apache.org>:
> 
> > On Tue, 2016-06-07 at 11:06 +0200, Ivan Brencsics wrote:
> > > Hi,
> > >
> > > I have some trouble using SSL together
> > > with PoolingHttpClientConnectionManager.
> > >
> > > I create an HttpClient by setting both the SSLContext and
> > ConnectionManager
> > > and the SSLContext is ignored. I read that others had the same problem
> > and
> > > solved it by adding a Socket Factory Registry to the Connection Manager.
> > > However, I dont find this a good solution. I would like to create one and
> > > only one connection pool for my application, and then provide it to all
> > > HttpClient instances I create later on.
> >
> > What is the point doing so? You might as well have just one instance of
> > HttpClient which is basically recommended anyway.
> >
> > > When I instantiate the connection
> > > pool, I dont know exactly what connections I will create later with what
> > > SSL parameters. Your solution assumes that when instantiating the
> > > PoolingHttpClientConnectionManager, we are already aware of all the SSL
> > > settings that we will ever use. This is very often not the case.
> > >
> > > Why are the SSL settings so tightly coupled to
> > > PoolingHttpClientConnectionManager?
> >
> > Because the pool manager is responsible for keeping track of persistent
> > connection state.
> >
> > > And do I understand correctly that if I
> > > am using SSL, I should create separate PoolingHttpClientConnectionManager
> > > instances towards the different remote servers?
> > >
> >
> > No, you should not.
> >
> > Oleg
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
> > For additional commands, e-mail: httpclient-users-h...@hc.apache.org
> >
> >



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

Reply via email to