[jira] [Commented] (HTTPCLIENT-2278) SSLIOSession should catch UnsupportedOperationException from SSLEngine.getApplicationProtocol

[Arun Katkere (Jira)]

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-2278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17725251#comment-17725251
 ] 

Arun Katkere commented on HTTPCLIENT-2278:
------------------------------------------

Well old enough that SSLEngine subclass does not override 
getApplicationProtocol. Javadoc for the exception says 
"{{{}[UnsupportedOperationException|https://docs.oracle.com/javase/8/docs/api/java/lang/UnsupportedOperationException.html]{}}}
 - if the underlying provider does not implement the operation." Shouldn't the 
caller handle this case?

Alternatively, if there is a non deprecated way of providing TlsDetails given a 
SSLEngine instance, that would work as well. It is not entirely clear to me why 
DefaultClientTlsStrategy.tlsDetailsFactory was deprecated. 
https://issues.apache.org/jira/browse/HTTPCLIENT-2182 doesn't really explain 
the rationale.

> SSLIOSession should catch UnsupportedOperationException from 
> SSLEngine.getApplicationProtocol
> ---------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-2278
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2278
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (async)
>    Affects Versions: 5.2.1
>            Reporter: Arun Katkere
>            Priority: Major
>
> When SSLEngine implementation is old and does not override 
> getApplicationProtocol from SSLEngine, HttpClient async fails with:
> java.lang.UnsupportedOperationException
> at javax.net.ssl.SSLEngine.getApplicationProtocol(SSLEngine.java:1283)
> at 
> org.apache.hc.core5.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:429)
> at 
> org.apache.hc.core5.reactor.ssl.SSLIOSession.access$100(SSLIOSession.java:74)
> at 
> org.apache.hc.core5.reactor.ssl.SSLIOSession$1.inputReady(SSLIOSession.java:201)
> at 
> org.apache.hc.core5.reactor.InternalDataChannel.onIOEvent(InternalDataChannel.java:142)
> at 
> org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:51)
> at 
> org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:178)
> at 
> org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:127)
> at 
> org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:86)
> at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44)
> at java.lang.Thread.run(Thread.java:750)
> Instead, SSLIOSession should catch UnsupportedOperationException from 
> getApplicationProtocol call and fall back to HTTP1_1. getApplicationProtocol 
> was added in a later version of Java 8, and not all SSL libraries support it.
> tlsDetailsFactory from DefaultClientTlsStrategy can be potentially used to 
> work around this, but it is deprecated.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org