CloseableHttpClient doesn't use sslcontext

Question

I use PoolingHttpClientconnectionManager and i need specific sslcontext on each request. By default CloseableHttpClient use manager's sslcontext, but i need sslcontext from .setSSLContext(context). How resolve this problem? I need connection pool and at the same time i need specific sslcontext on each request

CloseableHttpClient client = HttpClients.custom()
                .setConnectionManager(httpPoolManager.getConnectionManager())
                .setSSLSocketFactory(new SSLConnectionSocketFactory(context, NoopHostnameVerifier.INSTANCE))
                .setSSLContext(context)
                .build();
        setExternalRequestId(externalRequestId);
        setHttpClient(client);

score 0 · Answer 1 · answered Jan 31 '18 at 09:47

I'm working on this those days.

You can use below code to build a HTTPs client:

    SSLContextBuilder builder = new SSLContextBuilder();
    // Truest all request
    try {
    builder.loadTrustMaterial(null, new TrustStrategy() {
        @Override
        public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            return true;
        }
    });
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(), new String[] {"TLSv1.2"}, null, NoopHostnameVerifier.INSTANCE);
    Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
            .register(HTTPS, sslsf)
            .build();
    PoolingHttpClientConnectionManager pccm = new PoolingHttpClientConnectionManager(registry);

And then :

HttpClients.custom()
    .setSSLSocketFactory(sslsf)
    .setConnectionManager(pccm)
    .setConnectionManagerShared(true)
    .build();

score 0 · Answer 2 · answered Jun 13 '19 at 19:25

I had to dig through the source code, but found the following works, assuming you can construct your own PoolingHttpClientConnectionManager.

Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                    .register("https", new SSLConnectionSocketFactory(sslContext))
                    .build();

CloseableHttpClient httpClient = HttpClientBuilder.create()
                    // important line -- use registry in constructor
                    .setConnectionManager(new PoolingHttpClientConnectionManager(registry)) // IMPORTANT
                    .build();

CloseableHttpClient doesn't use sslcontext

2 Answers2