Re: Portable SSL Support

Fri, 16 Nov 2001 03:08:33 -0800 

[EMAIL PROTECTED] wrote:
> 
> On 14 Nov 2001, Eric Rescorla wrote:
> 
> > Well, I suppose that since JDK 1.1.x didn't stop you from putting
> > classes in java. I could do my own version of
> > java.security.cert.X509Certificate. A little gross but perhaps
> > the best plan. The alternative is to blatantly violate the spec
> > in 1.1 and just deliver something else.
> 
> I would say - don't worry about JDK1.1. Support for JDK1.1 is important
> for embeded devices ( but even there, GCJ does have X509Certificate - it
> already supports a large subset of JDK1.2, and that's included ).
> 
> > > > > You have to use request.getAttribute() in the JSPs/servlets.
> > > > Right, but that doesn't mean that we have to expose the SSLSupport
> > > > interface. Instead we could break out each individual property
> > > > we cared about into it's own attribute.
> > >
> > > To be consistant with 2.3 containers, I'd go with individually named
> > > attributes.
> 
> > Fine with me. Anyone object to this?
> 
> Individual attributes are good, but if possible with lazy evaluation.
> 
> The getInfo() callback in BaseInterceptor is supposed to do exactly that -
> allow you to lazy-evaluate expensive request fields, so only servlets that
> ask for the information will pay for it.

In TC3.3:
We have the following in Http10Interceptor.java:

+++
    public Object getAttribute(String name) {
        if (name.equals("javax.servlet.request.X509Certificate")) {
            return(certcompat.getX509Certificates(socket));
        }
        return(super.getAttribute(name));
    }
+++

A note stored via request.setNote("SSLSupport",SSLSupport) somewhere in
retrieved by getNote.
The code ends to be:
+++
    public Object getAttribute(String name) {
        if (name.equals("javax.servlet.request.X509Certificate")) {
            SSLSupport sslsupport = getNote("SSLSupport");
            if (sslsupport==null)
              return(null);
            return(sslsupport.getX509Certificates(socket));
        }
        return(super.getAttribute(name));
    }
+++
Ideas?

> 
> Costin
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to