Thanks Oleg. That would be perfect. I did not realize that
SSLIOSessionHandler already provides access to SSLEngine BEFORE an
SSLSession gets established. I commend the good design effort put into this
project.
- J.D.
olegk wrote:
>
> johndoe Doe wrote:
>> I need to configure the SSLEngine created in
>> org.apache.http.impl.nio.reactor.SSLIOSession used by
>> org.apache.http.impl.nio.SSLServerIOEventDispatch to control client auth
>> using setNeedClientAuth.
>>
>> Extending SSLServerIOEventDispatch, the implementation of
>> createSSLIOSession(IOSession, SSLContext, SSLIOSessionHandler) can be
>> overridden but in order to accomplish the aforesaid, it would be better
>> to reuse SSLIOSession and tune its SSLEngine based on some user-defined
>> tunables. One way to enable this would be to add a new method in
>> SSLIOSession:
>>
>>     protected SSLEngine getSSLEngine()
>>     {
>>         return(this.sslEngine);
>>     }
>>
>> This enables extending SSLIOSession to tune SSLEngine as per requirements
>> and hence use the full configurability of SSLEngine and use this extended
>> SSLIOSession in an extended SSLServerIOEventDispatch. Can we have this
>> method in a future release?
>>
>> -J.D.
>>
>
> J.D.
>
> It is not a big deal to add #getSSLEngine() method to the SSLIOSession
> class, but have you looked at the SSLIOSessionHandler interface? Its
> purpose is precisely to enable users to tune SSLEngine. The benefit of
> using the interface is that the SSLServerIOEventDispatch class can
> make sure that the SSLEngine is configured at the right moment of its life
> cycle.
>
>     SSLIOSessionHandler sslHandler = new SSLIOSessionHandler() {
>
>         public void initalize(
>                 SSLEngine sslengine,
>                 HttpParams params) throws SSLException {
>             sslengine.setNeedClientAuth(true);
>         }
>
>         public void verify(
>                 SocketAddress remoteAddress,
>                 SSLSession session) throws SSLException {
>         }
>
>     };
>
>     IOEventDispatch ioEventDispatch = new SSLServerIOEventDispatch(
>             handler,
>             sslcontext,
>             sslHandler,
>             params);
>
> Would that solve the problem for you?
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
--
View this message in context:
http://www.nabble.com/SSL-Engine-configuration-for-setNeedClientAuth-tp23828283p23843326.html
Sent from the HttpComponents-Dev mailing list archive at Nabble.com.