Explicit SSL support for non-servlet requests

Issue #149 resolved

Former user created an issue 2015-09-29

HTTPRequest does not provide a means of setting SSL context or otherwise configuring for SSL outbound calls to the OP (at least not for non-servlet-based usage). The only way to achieve right now is to use HttpsUrlConnection's global default SSL socket factory, which is not acceptable if this code will be used outside of a vacuum.

Seeing as SSL is a requirement for the underlying OAuth2 spec, this seems like a REALLY big oversight.

Comments (8)

Connect2id OSS
This makes sense. Have you got any suggestion how the SSL context setting should look like?
- 2015-09-29T07:50:12+00:00
Don Gay
Without thoroughly reviewing the APIs, I hesitate, but off the top of my head, adding the following to HTTPRequest seems simple enough:

public HttpsURLConnection toHttpsURLConnection(SSLSocketFactory)

or

public HttpsURLConnection toHttpsURLConnection(SSLContext)
- 2015-10-01T16:48:30+00:00
Connect2id OSS
Thanks for getting back. We'll try to implement something along this lines. Stay tuned.
- 2015-10-05T06:47:25+00:00
Connect2id OSS
- changed status to open
- 2015-10-09T09:58:19+00:00
Connect2id OSS
Adds default & instance SSLSocketFactory and HostnameVerifier support to HTTPRequest, commit 5b4d2b9.
- 2015-10-10T05:29:57+00:00
Connect2id OSS
- changed status to resolved
Hi Donald,

Explicit SSL support is now part of v4.17:

http://search.maven.org/#artifactdetails|com.nimbusds|oauth2-oidc-sdk|4.17|jar

http://static.javadoc.io/com.nimbusds/oauth2-oidc-sdk/4.17/com/nimbusds/oauth2/sdk/http/HTTPRequest.html
- 2015-10-11T17:09:26+00:00
Don Gay
Great! Thanks for the quick turnover.
- 2015-10-12T13:58:16+00:00
Connect2id OSS
You're welcome. If you find other problematic areas, let us know so we can continue improving the SDK.
- 2015-10-12T14:19:36+00:00
Log in to comment

Assignee: connect2id

Type: enhancement

Priority: critical

Status: resolved

Milestone: C2ID server 1.0

Votes: 0

Watchers: 3