Re: How Do I Set SNI(Server Name Indentification)

2023-08-10 Thread Petar Tahchiev
Hi Jochen,
I don't have 2 different SSL certificates.
I have no idea what SNI is, but that seems to be the only difference in the
log from curl and httpclient5.

This is from curl:
--
 2023-08-10 21:34:05,099 org.apache.tomcat.util.threads.LimitLatch
[https-jsse-nio-0.0.0.0-8112-Acceptor] DEBUG: Counting
up[https-jsse-nio-0.0.0.0-8112-Acceptor] latch=1
 2023-08-10 21:34:05,101 org.apache.tomcat.util.net.SecureNioChannel
[https-jsse-nio-0.0.0.0-8112-exec-2] DEBUG: *The SNI host name extracted
for connection [java.nio.channels.SocketChannel[connected
local=/127.0.0.1:8112  remote=/127.0.0.1:55478
]] was [localhost]*
 2023-08-10 21:34:05,117 org.apache.tomcat.util.net.NioEndpoint
[https-jsse-nio-0.0.0.0-8112-exec-2] DEBUG: Registered write interest for
[org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@555bd3a4
:org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected
local=/127.0.0.1:8112 remote=/127.0.0.1:55478]]
 2023-08-10 21:34:05,117 org.apache.tomcat.util.net.NioEndpoint
[https-jsse-nio-0.0.0.0-8112-exec-3] DEBUG: Registered write interest for
[org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@555bd3a4
:org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected
local=/127.0.0.1:8112 remote=/127.0.0.1:55478]]
 2023-08-10 21:34:05,118 org.apache.tomcat.util.net.NioEndpoint
[https-jsse-nio-0.0.0.0-8112-exec-4] DEBUG: Registered read interest for
[org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@555bd3a4
:org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected
local=/127.0.0.1:8112 remote=/127.0.0.1:55478]]
 2023-08-10 21:34:05,119 org.apache.tomcat.util.net.NioEndpoint
[https-jsse-nio-0.0.0.0-8112-exec-5] DEBUG: Registered write interest for
[org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@555bd3a4
:org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected
local=/127.0.0.1:8112 remote=/127.0.0.1:55478]]
 2023-08-10 21:34:05,120 org.apache.tomcat.util.http.Parameters
[https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Set query string encoding to
UTF-8
 2023-08-10 21:34:05,120 org.apache.tomcat.util.net.NioEndpoint
[https-jsse-nio-0.0.0.0-8112-exec-6] DEBUG: Registered read interest for
[org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@555bd3a4
:org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected
local=/127.0.0.1:8112 remote=/127.0.0.1:55478]]
 2023-08-10 21:34:05,120 org.apache.catalina.valves.RemoteIpValve
[https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Incoming request
/storefront/facade/auth with originalRemoteAddr [127.0.0.1],
originalRemoteHost=[127.0.0.1], originalSecure=[true],
originalScheme=[https], originalServerName=[localhost],
originalServerPort=[8112] will be seen as newRemoteAddr=[127.0.0.1],
newRemoteHost=[127.0.0.1], newSecure=[true], newScheme=[https],
newServerName=[localhost], newServerPort=[8112]
 2023-08-10 21:34:05,120
org.apache.catalina.authenticator.AuthenticatorBase
[https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Security checking request GET
/storefront/facade/auth
 2023-08-10 21:34:05,120 org.apache.catalina.realm.RealmBase
[https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG:   No applicable constraints
defined
 2023-08-10 21:34:05,120
org.apache.catalina.authenticator.AuthenticatorBase
[https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Not subject to any constraint
 2023-08-10 21:34:05,121 org.apache.tomcat.util.http.Parameters
[https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Set encoding to UTF-8
 2023-08-10 21:34:05,203 org.apache.tomcat.util.threads.LimitLatch
[https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Counting
down[https-jsse-nio-0.0.0.0-8112-exec-7] latch=1
 2023-08-10 21:34:05,203 org.apache.tomcat.util.net.NioEndpoint
[https-jsse-nio-0.0.0.0-8112-exec-7] DEBUG: Calling
[org.apache.tomcat.util.net.NioEndpoint@213543bc
].closeSocket([org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@555bd3a4
:org.apache.tomcat.util.net.SecureNioChannel@dcab21d:java.nio.channels.SocketChannel[connected
local=/127.0.0.1:8112 remote=/127.0.0.1:55478]])
 2023-08-10 21:34:12,172 org.apache.catalina.session.ManagerBase
[Catalina-utility-1] DEBUG: Start expire sessions StandardManager at
1691692452172 sessioncount 0
 2023-08-10 21:34:12,172 org.apache.catalina.session.ManagerBase
[Catalina-utility-1] DEBUG: End expire sessions StandardManager
processingTime 0 expired sessions: 0
---


this is from httpclient5:
---
2023-08-10 21:34:58,076 org.apache.tomcat.util.threads.Lim

Re: How Do I Set SNI(Server Name Indentification)

2023-08-10 Thread Jochen Wiedmann
Hi, Petar,

looking through

  https://tomcat.apache.org/tomcat-9.0-doc/config/http.html

I get the impression that SNI is a server-side issue. So, the actual
problem may be on the server side, rather than the client side. To
begin with: Do you really need two different SSL certificates within
one Tomcat? (Because that is what SNI appears to be about.)

Jochen

On Thu, Aug 10, 2023 at 9:41 PM Petar Tahchiev  wrote:
>
> Hmm,
>
> I tried now setting the Host header:
>
>
> httpGet.setHeader("Host", "localhost");
>
>
> yet tomcat still logs null for SNI
>
> On Thu, 10.08.2023 at 22:21, Jochen Wiedmann
> wrote:
>
> > On Thu, Aug 10, 2023 at 9:14 PM Petar Tahchiev 
> > wrote:
> >
> > > I found this gist which tells how to provide a SNI:
> > >
> > > https://gist.github.com/jkuipers/e0b35c21c466a9b4d88a
> > >
> > > but it is for HttpClient4 and I am unable to migrate the code to
> > > HttpClient5.
> >
> > From looking at the gist, all that it does is to set the "Host"
> > header. Surely, that's possible using the httpclient5 API.
> >
> > Jochen
> >
> >
> >
> > --
> > The woman was born in a full-blown thunderstorm. She probably told it
> > to be quiet. It probably did. (Robert Jordan, Winter's heart)
> >
> > -
> > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
> > For additional commands, e-mail: httpclient-users-h...@hc.apache.org
> >
> >
>
> --
> Regards, Petar!
> Karlovo, Bulgaria.
> ---
> Public PGP Key at:
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x19658550C3110611
> Key Fingerprint: A369 A7EE 61BC 93A3 CDFF  55A5 1965 8550 C311 0611



-- 
The woman was born in a full-blown thunderstorm. She probably told it
to be quiet. It probably did. (Robert Jordan, Winter's heart)

Re: How Do I Set SNI(Server Name Indentification)

2023-08-10 Thread Petar Tahchiev
Hmm,

I tried now setting the Host header:


httpGet.setHeader("Host", "localhost");


yet tomcat still logs null for SNI

On Thu, 10.08.2023 at 22:21, Jochen Wiedmann
wrote:

> On Thu, Aug 10, 2023 at 9:14 PM Petar Tahchiev 
> wrote:
>
> > I found this gist which tells how to provide a SNI:
> >
> > https://gist.github.com/jkuipers/e0b35c21c466a9b4d88a
> >
> > but it is for HttpClient4 and I am unable to migrate the code to
> > HttpClient5.
>
> From looking at the gist, all that it does is to set the "Host"
> header. Surely, that's possible using the httpclient5 API.
>
> Jochen
>
>
>
> --
> The woman was born in a full-blown thunderstorm. She probably told it
> to be quiet. It probably did. (Robert Jordan, Winter's heart)

-- 
Regards, Petar!
Karlovo, Bulgaria.
---
Public PGP Key at:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x19658550C3110611
Key Fingerprint: A369 A7EE 61BC 93A3 CDFF  55A5 1965 8550 C311 0611


Re: How Do I Set SNI(Server Name Indentification)

2023-08-10 Thread Jochen Wiedmann
On Thu, Aug 10, 2023 at 9:14 PM Petar Tahchiev  wrote:

> I found this gist which tells how to provide a SNI:
>
> https://gist.github.com/jkuipers/e0b35c21c466a9b4d88a
>
> but it is for HttpClient4 and I am unable to migrate the code to
> HttpClient5.

From looking at the gist, all that it does is to set the "Host"
header. Surely, that's possible using the httpclient5 API.

Jochen



-- 
The woman was born in a full-blown thunderstorm. She probably told it
to be quiet. It probably did. (Robert Jordan, Winter's heart)

How Do I Set SNI(Server Name Indentification)

2023-08-10 Thread Petar Tahchiev
Hello,

I am facing a very weird issue. I have a project that uses HttpClient4 to
make a simple GET request to Apache Tomcat. It was all working fine.

Now I need to upgrade to HttpClient5. I managed to upgrade very easily - just
some small package renames. However, when I make the same request, Tomcat
never responds, so eventually the HttpClient throws a SocketTimeout exception.

I enabled the tomcat server logs and then I tried CURL - works fine and I
see this line in the tomcat logs:

 2023-08-10 21:34:05,101 org.apache.tomcat.util.net.SecureNioChannel
[https-jsse-nio-0.0.0.0-8112-exec-2] DEBUG: The SNI host name extracted for
connection [java.nio.channels.SocketChannel[connected local=/127.0.0.1:8112
remote=/127.0.0.1:55478]] was [localhost]


When I run it with HttpClient5 I see the SNI host name is null and that
seems to me like the only difference.
I found this gist which tells how to provide a SNI:

https://gist.github.com/jkuipers/e0b35c21c466a9b4d88a

but it is for HttpClient4 and I am unable to migrate the code to
HttpClient5.

So my question is: Is there a way to provide a SNI host name?

Thank you
-- 
Regards, Petar!
Karlovo, Bulgaria.
---
Public PGP Key at:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x19658550C3110611
Key Fingerprint: A369 A7EE 61BC 93A3 CDFF  55A5 1965 8550 C311 0611