From 82584ae71e11e53d3c75d8cb6dfe5c9f974ca1af Mon Sep 17 00:00:00 2001
From: Ray Cheung <github@pragmatic.hk>
Date: Tue, 30 Apr 2024 13:56:12 +0800
Subject: [PATCH 1/2] Fix incorrect socket state when using SOCKS proxy

The socket gets into an incorrect state across threads when the
connection-manager is shared. New sockets should be created, same as
plain HTTP.
---
 src/clj_http/conn_mgr.clj | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/clj_http/conn_mgr.clj b/src/clj_http/conn_mgr.clj
index 111c64ff..7cb75e25 100644
--- a/src/clj_http/conn_mgr.clj
+++ b/src/clj_http/conn_mgr.clj
@@ -41,10 +41,8 @@
   ([socket-factory ^SSLContext ssl-context]
    (let [^SSLContext ssl-context' (or ssl-context (SSLContexts/createDefault))]
      (proxy [SSLConnectionSocketFactory] [ssl-context']
-       (connectSocket [timeout socket host remoteAddress localAddress context]
-         (let [^SSLConnectionSocketFactory this this] ;; avoid reflection
-           (proxy-super connectSocket timeout (socket-factory) host remoteAddress
-                        localAddress context)))))))
+       (createSocket [context]
+         (socket-factory))))))
 
 (defn ^PlainConnectionSocketFactory PlainGenericSocketFactory
   "Given a Function that returns a new socket, create a

From 793994040f6c4244886adf8fcecf0f033d72e036 Mon Sep 17 00:00:00 2001
From: Ray Cheung <github@pragmatic.hk>
Date: Thu, 21 Aug 2025 07:32:07 +0800
Subject: [PATCH 2/2] Pass in HostnameVerifier

---
 src/clj_http/conn_mgr.clj | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/clj_http/conn_mgr.clj b/src/clj_http/conn_mgr.clj
index 7cb75e25..9e90985b 100644
--- a/src/clj_http/conn_mgr.clj
+++ b/src/clj_http/conn_mgr.clj
@@ -37,10 +37,10 @@
   "Given a function that returns a new socket, create an
   SSLConnectionSocketFactory that will use that socket."
   ([socket-factory]
-   (SSLGenericSocketFactory socket-factory nil))
-  ([socket-factory ^SSLContext ssl-context]
+   (SSLGenericSocketFactory socket-factory nil nil))
+  ([socket-factory ^SSLContext ssl-context ^HostnameVerifier hostname-verifier]
    (let [^SSLContext ssl-context' (or ssl-context (SSLContexts/createDefault))]
-     (proxy [SSLConnectionSocketFactory] [ssl-context']
+     (proxy [SSLConnectionSocketFactory] [ssl-context' hostname-verifier]
        (createSocket [context]
          (socket-factory))))))
 
@@ -148,7 +148,9 @@
    (let [socket-factory #(socks-proxied-socket hostname port)
          registry (into-registry
                    {"http" (PlainGenericSocketFactory socket-factory)
-                    "https" (SSLGenericSocketFactory socket-factory (get-ssl-context config))})]
+                    "https" (SSLGenericSocketFactory socket-factory
+                             (get-ssl-context config)
+                             (get-hostname-verifier config))})]
      (PoolingHttpClientConnectionManager. registry))))
 
 (defn ^BasicHttpClientConnectionManager make-regular-conn-manager