On Aug 14, 2012, at 8:49 PM, Michael McMahon <michael.x.mcma...@oracle.com> wrote:

> Xuelei,
> 
> We have no particular requirement on HostnameVerifier. So,
> if I understood you correctly, HostnameVerifier is redundant in new APIs
> and it is possible to control hostname verification through the SSLParameters class
> (and an X509ExtendedTrustManager).
> 
> So, we can drop HostnameVerifier from our API. Is that correct?
> 
Yes.

Xuelei

> Thanks
> Michael
> 
> On 08/08/12 13:10, Xuelei Fan wrote:
>> From JDK 7, JSSE introduces a new hostname verifying approach. It is
>> called "endpoint identification" in JSSE context. It can be used to
>> replace the HostnameVerifier on SSLSession. A typical use case looks like:
>> 
>> 1. implement an X509ExtendedTrustManager. It is required to check the
>> endpoint identification in the following methods:
>>    checkClientTrusted(X509Certificate[], String, Socket)
>>    checkClientTrusted(X509Certificate[], String, SSLEngine)
>>    checkServerTrusted(X509Certificate[], String, Socket)
>>    checkServerTrusted(X509Certificate[], String, SSLEngine)
>> 
>> 2. initialize an SSLParameters to enable the endpoint identification:
>>    sslParameter.setEndpointIdentificationAlgorithm("https");
>> 
>> 3. set the SSLParameters to SSLSocket or SSLEngine, the instance of
>> X509ExtendedTrustManager will check the endpoint (hostname) during
>> handshaking.
>> 
>> Considering the java.net.httpclient.HttpsConfigurator, it is an
>> implementation of HostnameVerifier.  So it would support both
>> HostnameVerifier and the above endpoint identification.  I think it may
>> be redundant if there are no compatibility concerns.  I was wondering maybe it is
>> OK to detach the HostnameVerifier interface and remove the verify() method.
>> 
>> Maybe, you have other concerns that the HttpsConfigurator.verify()
>> method is really needed.
>> 
>> Thanks,
>> Xuelei
>> 
>> On 8/8/2012 7:09 AM, Michael McMahon wrote:
>>> Hi,
>>> 
>>> A new revision of the Http client API planned for jdk 8 can be viewed
>>> at the following link
>>> 
>>> http://cr.openjdk.java.net/~michaelm/httpclient/v0.3/
>>> 
>>> We would like to review the api on this mailing list.
>>> So, all comments are welcome.
>>> 
>>> Thanks
>>> Michael McMahon.
> 
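
The three steps from the quoted 08/08/12 message, as an added example that is not part of the thread or of the JDK sources. It goes one step further than the thread by failing closed when endpoint identification was never enabled. Assumptions: the class name is hypothetical, `example.com` is a placeholder host, and the platform's default trust manager is an `X509ExtendedTrustManager` (true for OpenJDK's SunJSSE provider).

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Hypothetical class (not JDK code): delegates to the platform trust manager but
// rejects any server handshake for which endpoint identification was not enabled.
public class StrictEndpointTrustManager extends X509ExtendedTrustManager {
    private final X509ExtendedTrustManager delegate;
    public StrictEndpointTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);            // null selects the default trust store
        delegate = (X509ExtendedTrustManager) tmf.getTrustManagers()[0]; // assumption: SunJSSE
    }
    private static void requireAlgorithm(SSLParameters p) throws CertificateException {
        String alg = (p == null) ? null : p.getEndpointIdentificationAlgorithm();
        if (alg == null || alg.isEmpty())
            throw new CertificateException("endpoint identification not enabled");
    }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException {
        requireAlgorithm(s instanceof SSLSocket ? ((SSLSocket) s).getSSLParameters() : null);
        delegate.checkServerTrusted(c, a, s); // chain validation plus hostname check
    }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException {
        requireAlgorithm(e == null ? null : e.getSSLParameters());
        delegate.checkServerTrusted(c, a, e);
    }
    // Without a Socket or SSLEngine there is no peer host to compare against: reject.
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
        throw new CertificateException("no connection context for endpoint identification");
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { delegate.checkClientTrusted(c, a, s); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { delegate.checkClientTrusted(c, a, e); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { delegate.checkClientTrusted(c, a); }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new StrictEndpointTrustManager() }, null); // step 1
        // example.com is a placeholder host; the handshake needs network access.
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket("example.com", 443)) {
            SSLParameters params = sock.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // step 2
            sock.setSSLParameters(params);                      // step 3
            sock.startHandshake(); // SSLHandshakeException if the certificate does not match the host
            System.out.println("verified peer: " + sock.getSession().getPeerHost());
        }
    }
}
```

Removing the `setEndpointIdentificationAlgorithm` call makes the handshake fail with this trust manager, whereas the stock trust manager would accept a valid chain issued for a different host.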
