Http client API

Michael McMahon michael.x.mcmahon at oracle.com
Tue Aug 14 05:49:14 PDT 2012 

Xuelei,

We have no particular requirement on HostnameVerifier. So,
if I understood you correctly, HostnameVerifier is redundant in new APIs
and it is possible to control hostname verification through the 
SSLParameters class
(and an X509ExtendedTrustManager).

So, we can drop HostnameVerifier from our API. Is that correct?

Thanks
Michael

On 08/08/12 13:10, Xuelei Fan wrote:
>  From JDK 7, JSSE introduces a new hostname verifying approach. It is
> call "endpoint identification" in JSSE context. It can be used to
> replace the HostnameVerifier on SSLSession. A typical user case looks like:
>
> 1. implement a X509ExtendedTrustManager. It is required to check the
> endpoint identification in the following methods:
>     checkClientTrusted(X509Certificate[], String, Socket)
>     checkClientTrusted(X509Certificate[], String, SSLEngine)
>     checkServerTrusted(X509Certificate[], String, Socket)
>     checkServerTrusted(X509Certificate[], String, SSLEngine)
>
> 2. initialize a SSLParameters to enable the endpoint identification:
>     sslParameter.setEndpointIdentificationAlgorithm("https");
>
> 3. set the SSLParameters to SSLSocket or SSLEngine, the instance of
> X509ExtendedTrustManager will check the endpoint (hostname) during
> handshaking.
>
> Considering the java.net.httpclient.HttpsConfigurator, it is an
> implementation of HostnameVerifier.  So it would support both
> HostnameVerifier and the above endpoint identification.  I think as may
> be redundant if no compatibility concerns.  I was wondering maybe it is
> OK to detach the HostnameVerifier interface and remove the verify() method.
>
> Maybe, you have other concerns that the HttpsConfigurator.verify()
> method is really needed.
>
> Thanks,
> Xuelei
>
> On 8/8/2012 7:09 AM, Michael McMahon wrote:
>> Hi,
>>
>> A new revision of the Http client API planned for jdk 8 can be viewed
>> at the following link
>>
>> http://cr.openjdk.java.net/~michaelm/httpclient/v0.3/
>>
>> We would like to review the api on this mailing list.
>> So, all comments are welcome.
>>
>> Thanks
>> Michael McMahon.

More information about the net-dev mailing list