Http client API (original) (raw)

Xuelei Fan Xuelei.Fan at Oracle.Com
Tue Aug 14 08:38:54 PDT 2012

• Previous message: Http client API
• Next message: Http client API
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Aug 14, 2012, at 8:49 PM, Michael McMahon <michael.x.mcmahon at oracle.com> wrote:

Xuelei,

We have no particular requirement on HostnameVerifier. So, if I understood you correctly, HostnameVerifier is redundant in new APIs and it is possible to control hostname verification through the SSLParameters class (and an X509ExtendedTrustManager). So, we can drop HostnameVerifier from our API. Is that correct? Yes.

Xuelei

Thanks Michael

On 08/08/12 13:10, Xuelei Fan wrote: From JDK 7, JSSE introduces a new hostname verifying approach. It is call "endpoint identification" in JSSE context. It can be used to replace the HostnameVerifier on SSLSession. A typical user case looks like:

1. implement a X509ExtendedTrustManager. It is required to check the endpoint identification in the following methods: checkClientTrusted(X509Certificate[], String, Socket) checkClientTrusted(X509Certificate[], String, SSLEngine) checkServerTrusted(X509Certificate[], String, Socket) checkServerTrusted(X509Certificate[], String, SSLEngine) 2. initialize a SSLParameters to enable the endpoint identification: sslParameter.setEndpointIdentificationAlgorithm("https"); 3. set the SSLParameters to SSLSocket or SSLEngine, the instance of X509ExtendedTrustManager will check the endpoint (hostname) during handshaking. Considering the java.net.httpclient.HttpsConfigurator, it is an implementation of HostnameVerifier. So it would support both HostnameVerifier and the above endpoint identification. I think as may be redundant if no compatibility concerns. I was wondering maybe it is OK to detach the HostnameVerifier interface and remove the verify() method. Maybe, you have other concerns that the HttpsConfigurator.verify() method is really needed. Thanks, Xuelei On 8/8/2012 7:09 AM, Michael McMahon wrote: Hi,

A new revision of the Http client API planned for jdk 8 can be viewed at the following link http://cr.openjdk.java.net/~michaelm/httpclient/v0.3/ We would like to review the api on this mailing list. So, all comments are welcome. Thanks Michael McMahon.

• Previous message: Http client API
• Next message: Http client API
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the net-dev mailing list