search

rybalkinsd / kohttp

Kotlin DSL http client
https://kohttp.gitbook.io
Apache License 2.0
478 stars 42 forks source link

SSL configuration not working for JDK 9+ #183

Closed Hakky54 closed 4 years ago

Hakky54 commented 4 years ago

Hi,

Thank you for this awesome http client. I like the way that it is easy to use, but I encountered some limitations during the setup. I need to configure the client with TLS for a HTTPS connection. I followed the steps within the documentation but the underlying Okhttp client throws an exception. Below is the custom client configuration for Kohttp:

client {
    sslSocketFactory = //initialized sslSocketFactory
    hostnameVerifier = //initialized hostnameVerifier
}

It gives me the following exception:

Caused by: java.lang.UnsupportedOperationException: clientBuilder.sslSocketFactory(SSLSocketFactory) not supported on JDK 9+
    at okhttp3.internal.platform.Jdk9Platform.trustManager(Jdk9Platform.kt:53)
    at okhttp3.internal.platform.Platform.buildCertificateChainCleaner(Platform.kt:152)
    at okhttp3.OkHttpClient$Builder.sslSocketFactory(OkHttpClient.kt:737)
    at io.github.rybalkinsd.kohttp.client.ClientBuilderImpl.setSslSocketFactory(ClientBuilderImpl.kt:89)

By digging into the stacktrace I discovered that Okhttp marked the method sslSocketFactory method as deprecated and discourages to use it when configuring ssl. If you are still using it in combination with jdk 9 or newer it will throw the above exception.

The deprecated method has the following javadoc:

/**
   * Sets the socket factory used to secure HTTPS connections. If unset, the system default will
   * be used.
   *
   * @deprecated [SSLSocketFactory] does not expose its [X509TrustManager], which is a field that
   *     OkHttp needs to build a clean certificate chain. This method instead must use reflection
   *     to extract the trust manager. Applications should prefer to call
   *     `sslSocketFactory(SSLSocketFactory, X509TrustManager)`, which avoids such reflection.
   */

So unfortunately I am not able to use kohttp as I require to configure it with ssl/tls. Do you think it is possible for you guys to make it compatible with jdk 9 upwards by switching over to the overloaded method of okhttp?

Hakky54 commented 4 years ago

Hi @DeviantBadge and @rybalkinsd I see that the last commit to this project is from November 2019, are you guys still maintaining it? Just wondering

rybalkinsd commented 4 years ago

Hi @Hakky54, thanks for reporting this issue. I'll try to have a look in the next week. JIC, which JDK do you use?

As for project maintenance, there are couple of features we are planning to backport to OSS repo, mostly related to Android devX and test mocks. We're super happy to help any contributor to improve kohttp.

Hakky54 commented 4 years ago

Glad to hear you guys are still supporting it and thank you for the quick reply. I used open jdk 11 as well as oracle jdk 11.

I have some time and I would love to help you guys by contributing back, I will try to make a pull request. I will update it here