Mercurial > hg > Blog

view content/Java/commons-httpclient-vs-self-signed-certs.md @ 101:0e63edd28f55

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
add a pip requirements file to easily setup the blog venv
author Dirk Olmes <dirk.olmes@codedo.de>
date Sat, 28 Mar 2020 02:43:10 +0100
parents 1d9382b0329b
children
line wrap: on
line source

Title: Apache commons-httpclient vs. self signed certificates
Date: 2013-10-03
Tags: httpclient
Lang: en

Recently I tried to retrieve HTML pages from a host that was using self signed HTTPS certificates. I used the excellent [Apache commons httpclient](http://hc.apache.org/httpcomponents-client-4.2.x/index.html) for the job. Their [tutorial](http://hc.apache.org/httpcomponents-client-4.2.x/tutorial/html/) is quite extensive and even gives examples about some customizations that can be made in the context of SSL. But being a good open source documentation, the tutorial only tells you the tiny details of tweaking individual settings, leaving the big picture for you to figure out. 

So how does all the talk about socket factories and SSLContext and friends go together with your [HttpClient](http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/client/HttpClient.html)?

Let's assume you already have a HttpClient instance at hand:

	:::java
    HttpClient client = new DefaultHttpClient();

Now let's configure all the socket factories and stuff that's required to make HTTPS traffic with self signed certificates work:

	:::java
    TrustStrategy trustStrategy = new TrustSelfSignedStrategy();
    X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
    SchemeSocketFactory socketFactory = new SSLSocketFactory(trustStrategy, hostnameVerifier);

And now let's put it all together:

	:::java
    Scheme https = new Scheme("https", 443, socketFactory);
    SchemeRegistry registry = client.getConnectionManager().getSchemeRegistry();
    registry.register(https);