Hi guys,

I'm working on a pull request for adding SSL support to ReactiveMongo. 
ReactiveMongo uses Netty and I remembered that akka-remote has a nice 
NettySSLSupport, so I'm obviously borrowing stuff (not without copying in 
the license and reference to Typesafe and akka of course!). Sadly I can't 
reuse the NettySSLSupport class since it's private to akka. I got basic SSL 
working this way, and I'm now looking into client certificates.
And that's where I'm getting a bit confused :-)

In the docs I see:

    # This is the Java Key Store used by the client connection
    trust-store = "truststore"

The trust store is the keystore that you only keep trusted certificates in, 
like cacerts (public certs that you trust) as far as I know.
 
Is client-authentication (client-side certificates) supported? The client 
certificates are normally not put in a truststore but in a separate 
keystore, since (if I'm correct) SSL/TLS needs both your client certificate 
and your client private key for the whole process. 
It looks like the configured "key-store" value is only used on the server 
side, so I would not be able to put client certificates there on the client 
side?
Does this mean that, when I have Server A and B, that I need to put the 
client certificates of A on B, and of B on A, in the file that key-store 
refers to in the config? This is a bit confusing for me. The client should 
present its certificate when the server requests client-authentication.
 
Also, I don't see code that uses setNeedClientAuth or setWantClientAuth, or 
any way to configure it, so looks like you can't say that the server wants 
or requires client certs.
Is that correct?

Another thing that might be nice is to allow users to use SSL without 
having to specify the exact location of the keystores and use the defaults 
(which can work for SSL without client certificates, using the cacerts that 
comes with the JDK, and using the default SecureRandom etc.).

I haven't looked into SSL for a while so it's very possible I'm 
misunderstanding.

Cheers,
Ray
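
Added example, not part of the original message and not code from akka or ReactiveMongo: a plain JSSE sketch of the split the message asks about, where each side's key store holds its own certificate and private key, its trust store holds the certificates it accepts, and the server side opts into client authentication with setNeedClientAuth or setWantClientAuth. The class name, method names and the "null means JSSE default" convention are assumptions made for illustration.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.security.KeyStore;

// Added illustration; class, method and file names are hypothetical.
public class MutualTlsEngines {
    // Load a key store file, or return null so JSSE falls back to its defaults.
    static KeyStore load(String path, char[] password) throws Exception {
        if (path == null) return null;
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // keyStore: this side's own certificate and private key (null = none to present).
    // trustStore: certificates this side accepts from the peer (null = JDK cacerts).
    static SSLContext context(KeyStore keyStore, char[] keyPassword, KeyStore trustStore) throws Exception {
        KeyManager[] kms = null;
        if (keyStore != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keyPassword);
            kms = kmf.getKeyManagers();
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);                        // null selects the default trust store
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tmf.getTrustManagers(), null); // null = default SecureRandom
        return ctx;
    }

    static SSLEngine serverEngine(SSLContext ctx, boolean requireClientCert) {
        SSLEngine e = ctx.createSSLEngine();
        e.setUseClientMode(false);
        if (requireClientCert) e.setNeedClientAuth(true); // handshake fails without a client cert
        else e.setWantClientAuth(true);                   // cert is requested but optional
        return e;
    }

    static SSLEngine clientEngine(SSLContext ctx, String host, int port) {
        SSLEngine e = ctx.createSSLEngine(host, port);
        e.setUseClientMode(true); // presents a key-store certificate only if the server asks
        return e;
    }

    public static void main(String[] args) throws Exception {
        // No files given: trust falls back to cacerts and there is no client certificate.
        SSLContext ctx = context(load(null, null), null, load(null, null));
        System.out.println("need=" + serverEngine(ctx, true).getNeedClientAuth()
                + " want=" + serverEngine(ctx, false).getWantClientAuth());
    }
}
```

With two mutually authenticating nodes, each node's key store carries only that node's own key pair, and each node's trust store carries the CA (or peer certificate) that vouches for the other.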

