commons-dev mailing list archives

From "Ortwin Glück" <>
Subject [HttpClient] SSL proxy tunneling
Date Wed, 10 Jul 2002 14:53:43 GMT
The current implementation cannot handle SSL through proxies correctly.
I was trying to make a patch today but ran across a design flaw in the 
current code.

I just wrote a CONNECT method wrapper (see attachment) which is called 

         if (!connection.isOpen()) {
             if (connection.isProxied() && connection.isSecure()) {
                 method = new ConnectMethod(method);
                 return method.execute(getState(), connection);

The problem arises from the fact that the secure socket is opened in *before* any CONNECT request can be sent.

The process of establishing a tunnel is:
1. open ordinary socket to proxy
2. request tunnel from the proxy
3. notify the connection that tunnel is established
4. connection switches to secure socket
5. encrypted communication

SSLSocketFactory.createSocket(Socket s, String host, int port, boolean 
autoClose) is tailored for this purpose. It takes an existing socket and 
uses it as a tunnel.

I suggest that we add a HttpConnection.tunnelEstablished method. If a 
connection is secure and proxied, an ordinary socket is acquired at first 
and is replaced by the secure socket when this method is called. The 
method needs proper state checking as well.

Comments are welcome.
  NOSE applied intelligence ag      [perspectix-nose digital b.i]
  ortwin glück                      [email]
  hardturmstrasse 171               [office]      +41-1-277 57 35
  8005 zurich                       [fax]         +41-1-277 57 12
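
Added example, not part of the original message and not HttpClient code: the five-step tunnel sequence from the message written against the plain JSSE API, using the SSLSocketFactory.createSocket(Socket, String, int, boolean) overload it mentions. The class and method names are hypothetical, Java 7 or later is assumed, and the hostname check via SSLParameters is an addition the message does not discuss.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.*;

public class ProxyTunnelExample {
    // Reads the proxy's reply to CONNECT one byte at a time, so nothing past the
    // blank line (the first TLS bytes from the origin) is consumed from the socket.
    static int readConnectStatus(InputStream in) throws IOException {
        StringBuilder head = new StringBuilder();
        while (head.indexOf("\r\n\r\n") < 0) {
            int b = in.read();
            if (b < 0 || head.length() > 8192)
                throw new IOException("no complete CONNECT reply from proxy");
            head.append((char) b);
        }
        String[] parts = head.substring(0, head.indexOf("\r\n")).split(" ", 3);
        if (parts.length < 2 || !parts[0].startsWith("HTTP/1."))
            throw new IOException("malformed status line from proxy");
        return Integer.parseInt(parts[1]);
    }

    static SSLSocket openTunnel(String proxyHost, int proxyPort, String host, int port)
            throws IOException {
        Socket plain = new Socket(proxyHost, proxyPort);            // 1. ordinary socket to proxy
        try {
            String req = "CONNECT " + host + ":" + port + " HTTP/1.1\r\n"
                       + "Host: " + host + ":" + port + "\r\n\r\n";
            plain.getOutputStream().write(req.getBytes(StandardCharsets.US_ASCII)); // 2. request tunnel
            plain.getOutputStream().flush();
            int status = readConnectStatus(plain.getInputStream()); // 3. tunnel established?
            if (status != 200) throw new IOException("proxy refused tunnel: " + status);
            SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket tls = (SSLSocket) f.createSocket(plain, host, port, true); // 4. switch to secure socket
            SSLParameters p = tls.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // check the certificate against host, not the proxy
            tls.setSSLParameters(p);
            tls.startHandshake();                                   // 5. encrypted from here on
            return tls;
        } catch (IOException | RuntimeException e) {
            plain.close();                                          // never leak a half-open tunnel
            throw e;
        }
    }
    public static void main(String[] args) throws IOException {
        // Constructed proxy reply followed by two bytes standing in for TLS data.
        byte[] reply = "HTTP/1.1 200 Connection established\r\n\r\n\u0016\u0003".getBytes(StandardCharsets.ISO_8859_1);
        InputStream in = new ByteArrayInputStream(reply);
        System.out.println(readConnectStatus(in) + ", bytes left for TLS: " + in.available());
    }
}
```

Running main exercises only the reply parser on the constructed bytes; openTunnel needs a reachable proxy and origin.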
