On Tue, Jun 15, 2010 at 11:14 PM, jean-frederic clere <jfcl...@gmail.com>wrote:
> On 06/16/2010 07:08 AM, Mladen Turk wrote: > > On 06/16/2010 12:34 AM, Costin Manolache wrote: > >> Hi, > >> > >> There are some methods in SSLContext to create and use a new BIO. Are > >> there > >> any examples/tests for this ? I can't find how to attach the BIO to a > >> socket, it seems SSL_set_bio is never called, can't figure what > >> SSLContext.setBIO() does. > >> > > > > I'd suggest you forget about those ;) > > > > SSL BIO allows to write a java code that will SSL use > > for read/write to the sockets. > > Jean-Frederic created those but cannot tell for what reason. > > The idea was to use java socket directly to have just the crypto layer > done by SSL but tc-native went another way. > I know - it allows one to use OpenSSL like SSLEngine - without doing the network IO trough OpenSSL. I'm not worried about the 4-5 extra JNI calls - we're talking about slow encryption here. For tomcat-lite - JSSE is a dead end, there is no way to support SPDY and a lot of other things are bad/missing ( i.e. most SSL extensions - hostname, session tickets, etc ). However I want to separate the I/O from the encryption. > > > Probably to allow direct java.sockets via SSL by writing > > custom wrapper for SSL Bio (really cannot figure out > > why would one wish to go trough 4 JNI callback layers for > > making a write, but it's there). > > Like you said it wasn't tested, and I was trying to > > axe this stuff from version 0.1, but it still hangs there. > > > > Why would you need that? > > If not needed we should remove it. > Well, I think it would be needed - if it would work. Tomcat-native can be used for more than the tomcat connector - especially since it's now easy to install on linux ( apt-get install :-). I would guess adding just the SSL_set_bio() would be enough - assuming the rest of the BIO impl is ok. Do you have any test code you used when implementing this ? I think adding the missing pieces may be better than trowing it away. Costin > Cheers > > Jean-Frederic > > > > > > > Regards > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
