Use private SSL context with OkHttpClient to avoid libssl crash.

- See square/okhttp#184.
UweTrottmann · Dec 21, 2013 · 1be1a6d · 1be1a6d
1 parent fade7a2
commit 1be1a6d
Showing 1 changed file with 24 additions and 1 deletion.
diff --git a/src/main/java/com/uwetrottmann/getglue/client/GetGlueHttpClient.java b/src/main/java/com/uwetrottmann/getglue/client/GetGlueHttpClient.java
@@ -32,8 +32,11 @@
 import java.io.PrintWriter;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.security.GeneralSecurityException;
 import java.util.Map;
 
+import javax.net.ssl.SSLContext;
+
 /**
  * Using a custom {@link org.apache.oltu.oauth2.client.HttpClient} implementation which can follow
  * protocol redirects, as GetGlue redirects from https to http once the grant code was accepted.
@@ -49,7 +52,7 @@ public <T extends OAuthClientResponse> T execute(OAuthClientRequest request,
         int responseCode = 0;
 
         try {
-            OkHttpClient client = new OkHttpClient();
+            OkHttpClient client = createOkHttpClient();
             connection = client.open(new URL(request.getLocationUri()));
             connection.setConnectTimeout(15 * 1000 /* milliseconds */);
             connection.setReadTimeout(20 * 1000 /* milliseconds */);
@@ -110,4 +113,24 @@ public <T extends OAuthClientResponse> T execute(OAuthClientRequest request,
     public void shutdown() {
 
     }
+
+    /**
+     * Create an OkHttpClient with its own private SSL context. Avoids libssl crash because other
+     * libraries do not expect the global SSL context to be changed. Also see
+     * https://github.com/square/okhttp/issues/184.
+     */
+    private static OkHttpClient createOkHttpClient() {
+        OkHttpClient okHttpClient = new OkHttpClient();
+
+        SSLContext sslContext;
+        try {
+            sslContext = SSLContext.getInstance("TLS");
+            sslContext.init(null, null, null);
+        } catch (GeneralSecurityException e) {
+            throw new AssertionError(); // The system has no TLS. Just give up.
+        }
+        okHttpClient.setSslSocketFactory(sslContext.getSocketFactory());
+
+        return okHttpClient;
+    }
 }