Charles Oliver Nutter wrote:
SSLEngine and friends are going to be a problem.
After looking a bit more, it seems like the SSL socket stuff is largely independent of BC. A new SSLContext is requested with SSLContext.getInstance("SSL"), not by specifying a specific provider with SSLContext.getInstance("SSL", "BC"). I removed the line in OpenSSLReal that registers BC and was able to connect to an https site with net/https. And as a final test, I removed BC from the jopenssl Class-Path manifeset, disabled binding of all but the SSLSocket-related classes and modules, and it still worked.
So it seems like we really have two separate pieces here in JRuby-OpenSSL: one to provide all the encryption, key, cert, and so on capabilities one would need to implement one's own file or stream-based encryption logic, and a pre-build SSL socket implementation. The former is dependent on BC; the latter is not.
Ola, please jump in any time and confirm this. It seems like if we can get SSL sockets working without BC present that would be a huge way to simplify this problem in the near term while we work on making the rest of jopenssl use BC's lightweight APIs directly.
- Charlie --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email
