Comments (22)
Apache http client can support HTTPS proxy:
HttpHost proxy = new HttpHost("https","www.xxx.xxx",8888);
CloseableHttpClient client = HttpClients.custom()
.setProxy(proxy)
.build();
So can OKHTTP client support it also?
from okhttp.
I think we should support. I've set up tests to validate against other proxily servers but haven't been able to easily verify Https behaviour.
Do you have a public test server I can test against? That you know is working ?
from okhttp.
I think we should support. I've set up tests to validate against other proxily servers but haven't been able to easily verify Https behaviour.
Do you have a public test server I can test against? That you know is working ?
Thanks so much for your reply. I donโt currently have a publicly available proxy for you to test; however this is the project we are working from to set up our proxy. I hope this is somewhat helpful.
from okhttp.
I confirmed with smokescreen that this clumsy workaround works
val serverCert = """
-----BEGIN CERTIFICATE-----
MIIE+DCCAuCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBrMQswCQYDVQQGEwJVUzET
...
B5Ird7f+U0bSPpszX4PMGbydhsuhnbqDamrT0Q==
-----END CERTIFICATE-----
""".trimIndent().decodeCertificatePem()
val certs = HandshakeCertificates.Builder()
.addPlatformTrustedCertificates()
.addTrustedCertificate(serverCert)
.build()
val sslSocketFactory = certs.sslSocketFactory()
val client = OkHttpClient.Builder()
.proxy(Proxy(Proxy.Type.HTTP, InetSocketAddress("localhost", 4750)))
.socketFactory(sslSocketFactory)
.build()
from okhttp.
OK change in code is simple, except our dependence on java.net.Proxy is limiting.
@swankjesse would it make sense to have our own model for Proxy?
from okhttp.
A quick exploration, I'll revert some of this and see if it looks ok
from okhttp.
Hi @yschimke @swankjesse, Do we have release date for this feature?
from okhttp.
I don't think clean support will make 5.0, as it would require a new Proxy domain model.
Instead I'm aiming to allow this workaround #8379
from okhttp.
@yschimke Do you mean we can have a workaround method without changing the source code?
from okhttp.
@itning No, would require changing the client.
How are you configuring this proxy? Maybe I can see if there is a way to make that path work.
from okhttp.
We don't currently have a similar API to Apache
HttpHost proxy = new HttpHost("https","www.xxx.xxx",8888);
from okhttp.
How are you configuring this proxy? Maybe I can see if there is a way to make that path work.
For now we use apache http client like this: #8373 (comment)
from okhttp.
This would require this clumsy workaround for OkHttp
Or at minimum
// create a ssl socket factory somehow
val sslSocketFactory = OkHttpClient().sslSocketFactory
val client = OkHttpClient.Builder()
.proxy(Proxy(Proxy.Type.HTTP, InetSocketAddress("localhost", 4750)))
.socketFactory(sslSocketFactory)
.build()
from okhttp.
// create a ssl socket factory somehow
val sslSocketFactory = OkHttpClient().sslSocketFactoryval client = OkHttpClient.Builder() .proxy(Proxy(Proxy.Type.HTTP, InetSocketAddress("localhost", 4750))) .socketFactory(sslSocketFactory) .build()
I use the code, but got error:
Exception in thread "main" java.lang.IllegalArgumentException: socketFactory instanceof SSLSocketFactory
at okhttp3.OkHttpClient$Builder.socketFactory(OkHttpClient.kt:723)
at xxx.main(xxx.java:178)
from okhttp.
Sorry, I should have been clearer.
It requires this PR, unless you wrap that socket factory again.
from okhttp.
@yschimke I'm sorry to bother you again and request when I can use the solution you provided?
from okhttp.
For now, try something like this
val client =
OkHttpClient.Builder()
.sslSocketFactory(socketFactory, trustManager)
.proxy(Proxy(Proxy.Type.HTTP, it.remoteAddress()))
.protocols(listOf(Protocol.HTTP_2, Protocol.HTTP_1_1))
.socketFactory(socketFactory.asSocketFactory())
.build()
private fun SSLSocketFactory.asSocketFactory(): SocketFactory {
return DelegatingSocketFactory(this)
}
DelegatingSocketFactory would be something like
from okhttp.
For now, try something like this
val client = OkHttpClient.Builder() .sslSocketFactory(socketFactory, trustManager) .proxy(Proxy(Proxy.Type.HTTP, it.remoteAddress())) .protocols(listOf(Protocol.HTTP_2, Protocol.HTTP_1_1)) .socketFactory(socketFactory.asSocketFactory()) .build() private fun SSLSocketFactory.asSocketFactory(): SocketFactory { return DelegatingSocketFactory(this) }
DelegatingSocketFactory would be something like
Excuse me, it might not be the right place to ask this question, but I really felt confused about it and found nothing useful after googling my question. Why the protocols(protocols: List<Protocol>)
method is designed in a way that h2_prior_knowledge
can not coexist with other protocols. What if some of my calls are applicable for cleartext http/2 while others are applicable for http/2? Thank you.
// OKHttpClient.kt
*
* @param protocols the protocols to use, in order of preference. If the list contains
* [Protocol.H2_PRIOR_KNOWLEDGE] then that must be the only protocol and HTTPS URLs will not
* be supported. Otherwise the list must contain [Protocol.HTTP_1_1]. The list must
* not contain null or [Protocol.HTTP_1_0].
*/
fun protocols(protocols: List<Protocol>) =
from okhttp.
https://datatracker.ietf.org/doc/html/rfc7540#section-3.4
The client and server must start the http/2 handshake without prior negotiation. So this would corrupt if the server expects plaintext or vice versa.
You could still support https/2 over https on a different port, but you can clone the client for that case.
Supporting a mix seems really niche and problematic.
from okhttp.
https://datatracker.ietf.org/doc/html/rfc7540#section-3.4
The client and server must start the http/2 handshake without prior negotiation. So this would corrupt if the server expects plaintext or vice versa.
You could still support https/2 over https on a different port, but you can clone the client for that case.
Supporting a mix seems really niche and problematic.
Thanks. Sounds great to clone the client.
However, I didn't really understand what you mean by http/2 handshake. A followup question if you can spare the time:
Suppose that I set protocols to be Protocol.HTTP_2, Protocol.H2_PRIOR_KNOWLEDGE
and that I have known host_cleartext supports HTTP/2 cleartext, I use the client to request the resource http://host_cleartext/xxx
and https://other_host/yyy
.
I thought that h2_prior_knowledge
would be applied to my first request, and that after negotiating with other_host
through ALPN, either http/1.1 or http/2 over TLS(i.e. Protocol.HTTP_2, not sure whether my understanding of this Protocol enum is right) would be applied to my second request. Both requests would be processed as expected. I can't see where would corrupt.
Probably, issues would rise If I want to send HTTP/1.1 request, like http://host1/xxx
, and HTTP/2 cleartext request, like http://host_cleartext/xxx
, using one client with protocols Protocol.HTTP_1_1, Protocol.H2_PRIOR_KOWNLEDGE
? Because the client can't tell which request is http/2 cleartext applicable to.
from okhttp.
Yep, it could be made to work that way. But in general, I don't think it's clear what everyone would expect.
Enabling this but only as a 100% toggle was probably simpler.
from okhttp.
Yep, it could be made to work that way. But in general, I don't think it's clear what everyone would expect.
Enabling this but only as a 100% toggle was probably simpler.
Yep, it could be made to work that way. But in general, I don't think it's clear what everyone would expect.
Enabling this but only as a 100% toggle was probably simpler.
Yep, it could be made to work that way. But in general, I don't think it's clear what everyone would expect.
Enabling this but only as a 100% toggle was probably simpler.
Got it, thank you~
from okhttp.
Related Issues (20)
- Failing while building okhttp version parent-3.6.0 using mvn clean install HOT 1
- QUERY support
- No callbacks: no successful callbacks and no failed callbacks HOT 4
- TaskRunner's concurrent performance exhibits a significant decline in case of poor networks conditions HOT 19
- Calling response.body.string() on a MockWebServer response throws a SocketTimeoutException HOT 5
- java.net.SocketException: socket is closed HOT 11
- UTF-32LE and UTF-32BE BOM are incorrect
- Huffman : Fatal Exception: java.lang.NullPointerException HOT 3
- Delayed sending request HOT 17
- Replace @Synchronized with ReentrantLock to avoid virtual thread pinning HOT 1
- How to solve two identical key values in response headers
- A suggestion for the removeEntry function in the DiskLruCache class
- OkHttp + HTTP2 + ExoPlayer (media3): only the first 16 MiB of audio data is audible HOT 6
- ๅธๆok HOT 4
- Configuring timeout durations in a custom `ConnectionPool`
- When I use EventListener, the same call is called back twice connectStart HOT 3
- okhttp3.sse.EventSourceListener should be an interface HOT 2
- SSL Certification error in Databricks HOT 1
- Thread pinned when use virtual threads and socks5 proxy, Version 5.0.0-alpha.14 HOT 2
- NullPointerException in okhttp3.internal.connection.RealConnection.isHealthy()
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from okhttp.