'Re: HttpRoutePlanner - How does it work with an HTTPS Proxy'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       httpclient-users
Subject:    Re: HttpRoutePlanner - How does it work with an HTTPS Proxy
From:       Oleg Kalnichevski <olegk () apache ! org>
Date:       2013-02-25 10:42:40
Message-ID: 1361788960.16089.2.camel () ubuntu
[Download RAW message or body]

On Sun, 2013-02-24 at 08:02 +0530, Sivasubramaniam Sivakumar wrote:
> Hi,
> 
> I have an HTTPS proxy set up so that HTTP clients can send plain HTTP
> requests securely to the proxy. For example, a client can send an encrypted
> HTTP GET request to the proxy, which will remove the encryption and send
> the plain HTTP GET request to the end-site.
> 
> I learned that this is not a common set up and only Google Chrome has
> in-built features to support such a scenario. (Info here -
> http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection).
> I have made Google Chrome work with my HTTPS proxy and hence there is no
> trouble on the proxy side.
> 
> I wish to write an HTTP Client that will encrypt all requests to my HTTPS
> Proxy. I tried setting an HTTPS proxy to DefaultHttpClient this way -
>     DefaultHttpClient dhc = new DefaultHttpClient();
>     HttpHost proxy = new HttpHost("192.168.2.3", 8181, "https"); //NOTE :
> https
>     dhc.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
> 
> Then trying to execute any request gives me an SSLPeerUnverifiedException.
> I do not understand the reason why.
> 
> During my exploration of the DefaultHttpClient API, I came across
> HttpRoutePlanner and HttpRoute with which we can specify whether the
> connection to proxies should be encrypted or not. However, I am unable to
> make this work.
> 
> Here is a diagram that explains my setup by differentiating it with a HTTP
> Proxy setup -
> 
> HTTP Proxy:
> 
> HTTP Client <------- Plain Text GET, POST Requests -------> HTTP Proxy
> <------- Plain Text GET, POST Requests -------> HTTP End-Site
> 
> HTTP Client <------- Plain Text CONNECT Requests -------> HTTP Proxy
> <------- Plain Text CONNECT Requests -------> HTTPS End-Site
> 
> NOTE: For HTTPS End-Sites, only the CONNECT Request is seen by the proxy.
> Then an SSL Tunnel is established between the Client and End-Site
> 
> HTTPS Proxy:
> 
> HTTP Client <------- Encrypted GET, POST Requests -------> HTTPS Proxy
> <-------- Plain Text GET, POST Requests -------->  HTTP End-Site
> 
> HTTP Client <------- Encrypted CONNECT Requests -------> HTTPS Proxy
> <------- Plain Text CONNECT Requests -------> HTTPS End-Site
> 
> NOTE: For HTTPS End-Sites, only the initial CONNECT Request should be
> encrypted to the proxy. The subsequent request will anyway be tunnelled.
> 
> Can anybody please let me know how I can achieve this goal? I believe
> HttpRoutePlanner should help, but I don't know how. Thanks.
> 
> Regards,
> Sivasubramaniam S.

Sivasubramaniam,

Apache HttpClient 4.x only supports SSL via proxy only by connection
tunneling. It does not support HTTPS proxies.

For details see
https://issues.apache.org/jira/browse/HTTPCLIENT-1318

Oleg



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic