Groovy HTTPBuilder gets Service Unavailable for SSL endpoint

1.3k views Asked by At

Even when using ignoreSSLIssues() a Spring Boot Actuator /health endpoint is not available since the service's route was switched from http to https.

I've used this pattern successfully on other SSL endpoints. Why does this one get Service Unavailable. The same URL is accessible in browser.

def url = "https://some.service.company.com"
def client = new HTTPBuilder(url)
client.ignoreSSLIssues()
def json =  client.get(path: "/health")
println json

groovyx.net.http.HttpResponseException: Service Unavailable

2

There are 2 answers

0
Todd W Crone On

For now, I had to just use Apache HTTP Client library because it handles the TLS Server Name Idendification (SNI) which perhaps Groovy HTTPBuilder does not or I couldn't find how to make it do so.

Here is how I inevitably (roughly) achieved the same thing over SSL with Apache HTTP Client:

    SSLContextBuilder builder = new SSLContextBuilder()
    def trustAll = [isTrusted: { X509Certificate[] cert, String s -> true } 
    ] as TrustStrategy
    builder.loadTrustMaterial(null, trustAll)
    def factory = new SSLConnectionSocketFactory(builder.build())
    def httpClient = HttpClients.custom().setSSLSocketFactory(factory).build()

    String url = "https://some.service.com/health"
    HttpGet getRequest = new HttpGet(url)
    HttpResponse response = httpClient.execute(getRequest)
1
gargii On

We encountered the same problem when using HTTPBuilder v0.7.1. It turned out that HTTPBuilder itself is working fine.

We fixed it by updating these dependencies to the most up-to-date versions:

org.apache.httpcomponents:httpasyncclient:4.1.3
org.apache.httpcomponents:httpclient:4.5.5
org.apache.httpcomponents:httpcore:4.4.9
org.apache.httpcomponents:httpcore-nio:4.4.9

I guess the SNI is in fact done by Apache HTTP Client, that's why it works for us now.