On Wed, 2017-09-27 at 14:32 +0800, Simon Wong wrote:
> If I choose the TrustSelfSignedStrategy.INSTANCE as the TrustStrategy, the
> constructed HttpClient could be used for both self-signed and valid
> certificates. But it could not be used to trust an expired certificate
> (throws a java.security.cert.CertificateExpiredException exception).
> 
> I guess if the HttpClientBuilder allowed me to construct multiple
> SSLContexts the problem would be solved. But I don't know how to set
> multiple SSLContexts.
> 

No, one cannot have multiple SSLContexts configured for the same
connection. One however could have a custom
LayeredConnectionSocketFactory that makes use of different SSLContext
instances depending on hostname or Socket properties.

Oleg


> Current workaround is to implement the TrustStrategy and always return
> "true" in the isTrusted() method.
> 
> 
> import java.security.KeyStore;
> import javax.net.ssl.SSLContext;
> import org.apache.http.client.methods.CloseableHttpResponse;
> import org.apache.http.client.methods.HttpGet;
> import org.apache.http.conn.ssl.NoopHostnameVerifier;
> import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
> import org.apache.http.impl.client.CloseableHttpClient;
> import org.apache.http.impl.client.HttpClientBuilder;
> import org.apache.http.impl.client.HttpClients;
> import org.apache.http.ssl.SSLContexts;
> import org.apache.http.util.EntityUtils;
> 
> public class TrustSelfSignedTest {
> 
>     public static void main(String[] args) throws Exception {
>         HttpClientBuilder clientBuilder = HttpClients.custom();
> 
>         SSLContext sslContext = SSLContexts.custom()
>                 .loadTrustMaterial((KeyStore) null, TrustSelfSignedStrategy.INSTANCE)
>                 .build();
> 
>         try (CloseableHttpClient httpclient = clientBuilder
>                 .setSSLContext(sslContext)
>                 .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
>                 .build()) {
> 
>             // working (valid cert)
>             try (CloseableHttpResponse response =
>                     httpclient.execute(new HttpGet("https://sha256.badssl.com/"))) {
>                 String bodyAsString = EntityUtils.toString(response.getEntity());
>                 System.out.println("response 1: " + bodyAsString);
>             }
> 
>             // working (trusted self-signed cert)
>             try (CloseableHttpResponse response =
>                     httpclient.execute(new HttpGet("https://self-signed.badssl.com/"))) {
>                 String bodyAsString = EntityUtils.toString(response.getEntity());
>                 System.out.println("response 2: " + bodyAsString);
>             }
> 
>             // throws java.security.cert.CertificateExpiredException here
>             try (CloseableHttpResponse response =
>                     httpclient.execute(new HttpGet("https://expired.badssl.com/"))) {
>                 String bodyAsString = EntityUtils.toString(response.getEntity());
>                 System.out.println("response 3: " + bodyAsString);
>             }
>         }
>     }
> }
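
The approach Oleg describes, a custom LayeredConnectionSocketFactory that picks an SSLContext per target host name, as an added example that is not part of the original thread or of HttpClient itself. It assumes the HttpClient 4.5.x API (SSLConnectionSocketFactory, HttpClientBuilder.setSSLSocketFactory, org.apache.http.ssl.SSLContexts/TrustStrategy) and reuses the three badssl.com hosts from the quoted code. The class names PerHostSslSocketFactory, PinnedLeafStrategy and PerHostTlsExample, and the `pinned.sha256` system property, are mine. Instead of a TrustStrategy that always returns true, the expired host is only accepted when its leaf certificate matches a SHA-256 fingerprint supplied at run time, and the default hostname verifier stays on for every host:

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.apache.http.util.EntityUtils;

/** Routes each TLS handshake to the socket factory registered for the target host name. */
final class PerHostSslSocketFactory implements LayeredConnectionSocketFactory {
    private final LayeredConnectionSocketFactory fallback;
    private final Map<String, LayeredConnectionSocketFactory> byHost;

    PerHostSslSocketFactory(LayeredConnectionSocketFactory fallback,
                            Map<String, LayeredConnectionSocketFactory> byHost) {
        this.fallback = fallback;
        this.byHost = byHost;
    }

    private LayeredConnectionSocketFactory select(String host) {
        LayeredConnectionSocketFactory f = byHost.get(host.toLowerCase(Locale.ROOT));
        return f != null ? f : fallback;   // unregistered hosts get the strict default
    }

    @Override public Socket createSocket(HttpContext ctx) throws IOException {
        return fallback.createSocket(ctx);  // plain TCP socket, TLS is layered on later
    }

    @Override public Socket connectSocket(int timeout, Socket sock, HttpHost host,
            InetSocketAddress remote, InetSocketAddress local, HttpContext ctx) throws IOException {
        return select(host.getHostName()).connectSocket(timeout, sock, host, remote, local, ctx);
    }

    @Override public Socket createLayeredSocket(Socket sock, String target, int port,
            HttpContext ctx) throws IOException {
        return select(target).createLayeredSocket(sock, target, port, ctx);  // e.g. after a proxy CONNECT
    }
}

/** Trusts a chain only if its leaf matches one pinned SHA-256 fingerprint (hex, colons optional). */
final class PinnedLeafStrategy implements TrustStrategy {
    private final String pinnedSha256Hex;

    PinnedLeafStrategy(String pinnedSha256Hex) {
        this.pinnedSha256Hex = pinnedSha256Hex.toLowerCase(Locale.ROOT).replace(":", "");
    }

    @Override public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0 || pinnedSha256Hex.isEmpty()) {
            return false;  // fail closed: HttpClient then runs the JVM trust manager, which rejects an expired leaf
        }
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            return hex.toString().equals(pinnedSha256Hex);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }
}

public final class PerHostTlsExample {
    public static void main(String[] args) throws Exception {
        // Strict default: JVM trust anchors plus the default hostname verifier.
        LayeredConnectionSocketFactory strict =
                new SSLConnectionSocketFactory(SSLContexts.createSystemDefault());

        // Self-signed leaf accepted, but only for the host registered with this factory below.
        SSLContext selfSigned = SSLContexts.custom()
                .loadTrustMaterial((KeyStore) null, TrustSelfSignedStrategy.INSTANCE).build();

        // Expired leaf accepted only if it matches the pin passed as -Dpinned.sha256=<hex>
        // (hypothetical property; with no pin the connection to that host fails).
        SSLContext pinned = SSLContexts.custom()
                .loadTrustMaterial((KeyStore) null,
                        new PinnedLeafStrategy(System.getProperty("pinned.sha256", ""))).build();

        Map<String, LayeredConnectionSocketFactory> byHost = new HashMap<>();
        byHost.put("self-signed.badssl.com", new SSLConnectionSocketFactory(selfSigned));
        byHost.put("expired.badssl.com", new SSLConnectionSocketFactory(pinned));

        try (CloseableHttpClient client = HttpClients.custom()
                .setSSLSocketFactory(new PerHostSslSocketFactory(strict, byHost)).build()) {
            for (String url : new String[] {"https://sha256.badssl.com/",
                    "https://self-signed.badssl.com/", "https://expired.badssl.com/"}) {
                try (CloseableHttpResponse response = client.execute(new HttpGet(url))) {
                    System.out.println(url + " -> " + response.getStatusLine());
                    EntityUtils.consume(response.getEntity());
                } catch (IOException e) {
                    System.out.println(url + " -> " + e);  // SSLHandshakeException if the host's policy rejects it
                }
            }
        }
    }
}
```

Two points worth noting. First, a TrustStrategy that returns false does not reject the connection by itself: HttpClient's wrapping trust manager falls through to the JVM's default trust manager, so the expired host still fails with CertificateExpiredException unless the pin matches, and a host not listed in the map never sees anything but the strict factory. Second, the relaxation is keyed on the host name the client was asked to connect to, so a redirect or a proxy tunnel to a different host does not inherit it; that is the property a blanket `return true` in isTrusted() gives up.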
