RE: Portable SSL Support

2001-11-19 Thread GOMEZ Henri
>Or even better, in SSLInterceptor. No need to change Request >or the core - >if it can be done in a module, it's better to do it this way. A la mod_ssl :)

Re: Portable SSL Support

2001-11-16 Thread Bill Barker
+1 - Original Message - From: <[EMAIL PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]>; "EKR" <[EMAIL PROTECTED]> Sent: Friday, November 16, 2001 1:53 PM Subject: Re: Portable SSL Support > On 16 Nov 2001, Eric Rescorla wrote:

Re: Portable SSL Support

2001-11-16 Thread Bill Barker
PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]> Sent: Friday, November 16, 2001 1:42 PM Subject: Re: Portable SSL Support > "William Barker" <[EMAIL PROTECTED]> writes: > > > I was thinking of moving it to Http10Interceptor.getInfo, but oth

Re: Portable SSL Support

2001-11-16 Thread costinm
On 16 Nov 2001, Eric Rescorla wrote: > "William Barker" <[EMAIL PROTECTED]> writes: > > > I was thinking of moving it to Http10Interceptor.getInfo, but otherwise that > > was more or less what I was thinking. > Actually, ISTM that eventually this belongs in Request.getInfo(), since > that allows

Re: Portable SSL Support

2001-11-16 Thread Eric Rescorla
"William Barker" <[EMAIL PROTECTED]> writes: > I was thinking of moving it to Http10Interceptor.getInfo, but otherwise that > was more or less what I was thinking. Actually, ISTM that eventually this belongs in Request.getInfo(), since that allows the use of SSLSupport with Ajp as well. For the m

Re: Portable SSL Support

2001-11-16 Thread William Barker
ber 16, 2001 3:10 AM Subject: Re: Portable SSL Support > [EMAIL PROTECTED] wrote: > > > > On 14 Nov 2001, Eric Rescorla wrote: > > > > > Well, I suppose that since JDK 1.1.x didn't stop you from putting > > > classes in java. I could do my own version of >

Re: Portable SSL Support

2001-11-16 Thread jean-frederic clere
[EMAIL PROTECTED] wrote: > > On 14 Nov 2001, Eric Rescorla wrote: > > > Well, I suppose that since JDK 1.1.x didn't stop you from putting > > classes in java. I could do my own version of > > java.security.cert.X509Certificate. A little gross but perhaps > > the best plan. The alternative is to

Re: Portable SSL Support

2001-11-15 Thread costinm
On 14 Nov 2001, Eric Rescorla wrote: > Well, I suppose that since JDK 1.1.x didn't stop you from putting > classes in java. I could do my own version of > java.security.cert.X509Certificate. A little gross but perhaps > the best plan. The alternative is to blatantly violate the spec > in 1.1 and

Re: Portable SSL Support

2001-11-15 Thread costinm
On Wed, 14 Nov 2001, Paul Speed wrote: > > > Eric Rescorla wrote: > > > [snip] > > > > > > To be consistent with 2.3 containers, I'd go with individually named > > > attributes. > > Fine with me. Anyone object to this? > > > > -Ekr > > I'm confused. Is this for Tomcat 3.x or Tomcat 4.x? I thoug

Re: Portable SSL Support

2001-11-15 Thread costinm
On Thu, 15 Nov 2001, jean-frederic clere wrote: > > > Yes, but the question is what does it cost to setAttribute each time we process > > > a request even if the servlet does not do a getAttribute. > > > Yes, this is a good point. This suggests that we ought to just > > expose SSLSupport as a si

Re: Portable SSL Support

2001-11-15 Thread jean-frederic clere
Eric Rescorla wrote: > > > Eric Rescorla wrote: > > > jean-frederic clere <[EMAIL PROTECTED]> writes: > > > > Eric Rescorla wrote: > > > > With JDK 1.1.x and AJP a null is returned. > > > > With JDK 1.1.x should the CC be returned as a String? (I thought it was). > > > It's certainly not in the J

Re: Portable SSL Support

2001-11-15 Thread jean-frederic clere
> - Original Message - > From: "Paul Speed" <[EMAIL PROTECTED]> > To: "Tomcat Developers List" <[EMAIL PROTECTED]> > Sent: Wednesday, November 14, 2001 11:39 AM > Subject: Re: Portable SSL Support > > > > > > > Eric Rescorla

Re: Portable SSL Support

2001-11-14 Thread Bill Barker
3.3 and 4.x. - Original Message - From: "Paul Speed" <[EMAIL PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]> Sent: Wednesday, November 14, 2001 11:39 AM Subject: Re: Portable SSL Support > > > Eric Rescorla wrote: > > > [sni

Re: Portable SSL Support

2001-11-14 Thread Bill Barker
Message - From: "Eric Rescorla" <[EMAIL PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]> Sent: Wednesday, November 14, 2001 11:23 AM Subject: Re: Portable SSL Support > "William Barker" <[EMAIL PROTECTED]> writes: > > >

Re: Portable SSL Support

2001-11-14 Thread Paul Speed
Eric Rescorla wrote: > [snip] > > > > To be consistent with 2.3 containers, I'd go with individually named > > attributes. > Fine with me. Anyone object to this? > > -Ekr I'm confused. Is this for Tomcat 3.x or Tomcat 4.x? I thought it was the former, but all of the servlet 2.3 comments rec

Re: Portable SSL Support

2001-11-14 Thread Eric Rescorla
"William Barker" <[EMAIL PROTECTED]> writes: > > jean-frederic clere <[EMAIL PROTECTED]> writes: > > > Eric Rescorla wrote: > > > > A few issues remain: > > > > (I) Is portability to JDK 1.1.x desirable/a requirement? Both the > > > > existing JSSE code and my new code rely upon java.security.cert

Re: Portable SSL Support

2001-11-14 Thread William Barker
- Original Message - From: "Eric Rescorla" <[EMAIL PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, November 14, 2001 9:17 AM Subject: Re: Portable SSL Support > jean-frederic clere <[EMAIL

Re: Portable SSL Support

2001-11-14 Thread Eric Rescorla
jean-frederic clere <[EMAIL PROTECTED]> writes: > Eric Rescorla wrote: > > A few issues remain: > > (I) Is portability to JDK 1.1.x desirable/a requirement? Both the > > existing JSSE code and my new code rely upon java.security.cert.* > > which was introduced in JDK 1.2. Both JSSE and PureTLS pro

Re: Portable SSL Support

2001-11-14 Thread jean-frederic clere
Eric Rescorla wrote: > > "William Barker" <[EMAIL PROTECTED]> writes: > > If you decide on 2a, like Costin, I'd prefer it as a property of the > > SocketFactory (the base class can return null, since Ajp1x would use its > > own mechanism) rather than an interface. However, it's your call. > >

Re: Portable SSL Support

2001-11-14 Thread Eric Rescorla
"William Barker" <[EMAIL PROTECTED]> writes: > If you decide on 2a, like Costin, I'd prefer it as a property of the > SocketFactory (the base class can return null, since Ajp1x would use it's > own mechanism) rather than an interface. However, it's your call. I ended up doing more or less what I

Re: Portable SSL Support

2001-11-14 Thread Eric Rescorla
jean-frederic clere <[EMAIL PROTECTED]> writes: > Eric Rescorla wrote: > > <[EMAIL PROTECTED]> writes: > > > One simple workaround could be to abstract acceptSocket() too ( i.e. make > > > it a method in ServerSocketFactory or SSLSupport). > > Yes, we could do that. It's a little ugly but it avoid

Re: Portable SSL Support

2001-11-14 Thread jean-frederic clere
Eric Rescorla wrote: > > <[EMAIL PROTECTED]> writes: > > Setting the socketFactory can force one behavior or another, but for > > 'regular' users it should be possible to just set secure and the code > > to detect what is available and use it. > I can do this. > > > > IMHO it's a mistake to rely

Re: Portable SSL Support

2001-11-13 Thread William Barker
t Developers List" <[EMAIL PROTECTED]> Sent: Tuesday, November 13, 2001 8:52 AM Subject: Re: Portable SSL Support > > > 3. Originally I'd intended to have ServerSockets return a class > > that subclassed SSLSupport. E.g. > > > > class PureTLSSSLSocket extends SSL

Re: Portable SSL Support

2001-11-13 Thread Eric Rescorla
<[EMAIL PROTECTED]> writes: > Setting the socketFactory can force one behavior or another, but for > 'regular' users it should be possible to just set secure and the code > to detect what is available and use it. I can do this. > > IMHO it's a mistake to rely on that behavior since it's kind of a

Re: Portable SSL Support

2001-11-13 Thread costinm
On Mon, 12 Nov 2001, Eric Rescorla wrote: > 1. I don't see how to make the switch-hit via a configuration file in > 3.3. If you set the "secure" variable for your virtual server, > PoolTCPConnector tries to load the class named in socketFactoryName, > or, if null, the class named in SSL_FACT (cu

Re: Portable SSL Support

2001-11-13 Thread Eric Rescorla
jean-frederic clere <[EMAIL PROTECTED]> writes: > Eric Rescorla wrote: > > > > As discussed on the list previously, I'm working on changing the SSL > > interfaces in Tomcat to make them more portable to various SSL > > toolkits, in particular PureTLS. In the process I've run into some > > issues

Re: Portable SSL Support

2001-11-13 Thread jean-frederic clere
Eric Rescorla wrote: > > As discussed on the list previously, I'm working on changing the SSL > interfaces in Tomcat to make them more portable to various SSL > toolkits, in particular PureTLS. In the process I've run into some > issues that I wanted to run by the list. > > 1. I don't see how to