Hi, I'm not sure if this is the right list to post this to or not, so please forgive me if it is not. If this is not the correct list, would someone please direct me to the correct place?
I'm creating a Java application that implements a custom SSL server. By "custom", I mean "implements its own KeyManager and TrustManager". Specifically, I am storing certificate and key information in a password-protected Derby database so that my certificate information can be stored in the same encrypted database as all my other application data, and also because I'm doing certificate validation a bit differently than the stock Java key store does.

I see that Java is supposed to support SNI, but it's not clear to me how this happens, or where it happens, or if support for SNI extends only to client SSLSocket objects, or if it also applies to SSLServerSocket objects. I can't find any documentation to tell me exactly how Java supports SNI, nor can I find any examples of using SNI, even from the client side of things.

I'd like my chooseServerAlias function in my X509KeyManager implementation to pick a server alias based on what server the client is attempting to connect to. But, I can't seem to find any properties that are available through the "keyType", "issuers" or "socket" parameters that are passed to that method that would tell me which server the client is attempting to connect to. I thought perhaps that I could make my client SSLSocket specify which issuer/subject it was expecting to find on the server (and that information would find its way to the "issuers" parameter of the chooseServerAlias method), but I can't find any way to tell the client SSLSocket which certificate to expect or which local certificate to offer to the remote server.

So, short version: where is Java's support for SNI actually documented in detail? And are there any sample code snippets that would show me how to use SNI? Or is Java's SNI implementation just based on the host name that you specify when creating your client SSLSocket? If so, where does that host name information show up in the chooseServerAlias function?

Thanks for any help in advance!
--
Tim Gustafson
t...@tgustafson.com
http://tgustafson.com/
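One way to get at the SNI name from inside chooseServerAlias, as an added example that is not the poster's code: the JSSE provider records the ClientHello's server_name values on the in-progress handshake session, which a key manager can read through the socket or engine it is handed (ExtendedSSLSession.getRequestedServerNames(), Java 8 and later). The SniKeyManager class, the delegate key manager and the hostToAlias map below are hypothetical.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.*;

/** Hypothetical key manager that selects the server alias from the client's SNI host name. */
public final class SniKeyManager extends X509ExtendedKeyManager {
    private final X509ExtendedKeyManager delegate;  // hypothetical: your Derby-backed key manager
    private final Map<String, String> hostToAlias;  // hypothetical: "www.example.test" -> "www-cert"
    private final String defaultAlias;              // used when the client sent no (or an unknown) SNI name
    public SniKeyManager(X509ExtendedKeyManager delegate, Map<String, String> hostToAlias, String defaultAlias) {
        this.delegate = delegate;
        this.hostToAlias = hostToAlias;
        this.defaultAlias = defaultAlias;
    }
    /** Host name from the ClientHello SNI extension, or null if absent. Needs Java 8+ (ExtendedSSLSession). */
    static String requestedHost(SSLSession handshake) {
        if (!(handshake instanceof ExtendedSSLSession)) return null;  // also covers a null session
        for (SNIServerName name : ((ExtendedSSLSession) handshake).getRequestedServerNames()) {
            if (name.getType() == StandardConstants.SNI_HOST_NAME) {
                // Untrusted client input: only ever used as a map key, never interpolated into a query.
                return ((SNIHostName) name).getAsciiName().toLowerCase(Locale.ROOT);
            }
        }
        return null;
    }
    private String aliasFor(SSLSession handshake) {
        String host = requestedHost(handshake);
        String alias = host == null ? null : hostToAlias.get(host);
        return alias != null ? alias : defaultAlias;  // unknown or missing SNI falls back to the default cert
    }
    // During the handshake both the socket and the engine expose the session being negotiated.
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return aliasFor(socket instanceof SSLSocket ? ((SSLSocket) socket).getHandshakeSession() : null);
    }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
        return aliasFor(engine.getHandshakeSession());
    }

    // Everything else is passed through to the delegate unchanged.
    @Override public String[] getClientAliases(String kt, Principal[] iss) { return delegate.getClientAliases(kt, iss); }
    @Override public String chooseClientAlias(String[] kt, Principal[] iss, Socket s) { return delegate.chooseClientAlias(kt, iss, s); }
    @Override public String[] getServerAliases(String kt, Principal[] iss) { return delegate.getServerAliases(kt, iss); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
}
```

On the client side, the JDK's SSLSocketFactory sends the host name given to createSocket(host, port) as the SNI name by default (Java 7 and later), and Java 8 lets you set it explicitly with SSLParameters.setServerNames; clients that send none, such as connections opened by IP address, receive defaultAlias here.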