Details
Description
HttpsClientTransport is getting the wrong SSLSocketFactory.
The problem is here:
    private SchemeRegistry createSchemeRegistry() {
        SchemeRegistry schemeRegistry = new SchemeRegistry();
        try {
            // register the default socket factory so that it looks at the javax.net.ssl.keyStore,
            // javax.net.ssl.trustStore, etc, properties by default
            SSLSocketFactory sslSocketFactory = new SSLSocketFactory(
                    (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
                    SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
            schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory));
            return schemeRegistry;
        } catch (Exception e) {
            throw new IllegalStateException("Failure trying to create scheme registry", e);
        }
    }
The problem with that code is that it never takes the SSLSocketFactory from the Spring context, so the one defined in XML is ignored.
So its code has to be replaced with:

    private SchemeRegistry createSchemeRegistry() {
        SchemeRegistry schemeRegistry = new SchemeRegistry();
        try {
            // Wrap the factory returned by createSocketFactory() (the SslContext one if present,
            // the JVM default otherwise) in the HttpClient SSLSocketFactory, keeping the
            // hostname verifier that the original code registered.
            SSLSocketFactory sslSocketFactory = new SSLSocketFactory(createSocketFactory(),
                    SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
            schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory));
            return schemeRegistry;
        } catch (Exception e) {
            throw new IllegalStateException("Failure trying to create scheme registry", e);
        }
    }

And then a new method should be added:

    /**
     * Creates a new SSL SocketFactory. The given factory will use user-provided
     * key and trust managers (if the user provided them).
     *
     * @return Newly created (Ssl)SocketFactory.
     * @throws IOException if the socket factory cannot be obtained from the SslContext
     */
    protected javax.net.ssl.SSLSocketFactory createSocketFactory() throws IOException {
        if (SslContext.getCurrentSslContext() != null) {
            SslContext ctx = SslContext.getCurrentSslContext();
            try {
                // Use the key and trust managers configured on the current SslContext.
                return ctx.getSSLContext().getSocketFactory();
            } catch (Exception e) {
                throw IOExceptionSupport.create(e);
            }
        } else {
            // No SslContext configured: fall back to the JVM default, which honours the
            // javax.net.ssl.keyStore, javax.net.ssl.trustStore, etc, properties.
            return (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
        }
    }
This solution is consistent with the other transports.
I will prepare patches and tests for this scenario.
Greetings
Piotr Klimczak