On 30 March 2011 00:22, Andrew Kennedy <[email protected]>wrote:
> On 29 March 2011 18:57, Robert Godfrey <[email protected]> wrote: > > On 29 March 2011 19:31, Rajika Kumarasiri <[email protected]> wrote: > >> I have a one last question on the patch. I have registered SSL protocol > >> handler as the last handler in the chain where you have registered as > the > >> first ( see below for the diff). Please also refer [0]. And yes I tested > >> with following changes. > >> > >> Rajika > >> > >> @@ -363,7 +367,9 @@ > >> { > >> if (_sslFactory != null) > >> { > >> - > >> protocolSession.getFilterChain().addBefore("protocolFilter", > "sslFilter", > >> +// > >> protocolSession.getFilterChain().addBefore("protocolFilter", > "sslFilter", > >> +// new > >> SSLFilter(_sslFactory.buildServerContext())); > >> + protocolSession.getFilterChain().addLast("sslFilter", > >> new > SSLFilter(_sslFactory.buildServerContext())); > >> > > > > To be completely honest on debugging I found that there was only one > filter > > in the chain at the point this code gets called... I just thought that > > "first" for the SSL filter seemed more sensible that "last" (since you > want > > SSL decrypt before anything else) and so that's what I tried... it > worked... > > and I gave it no more thought :-) > > Hi. > > In my update to the networking stack I decided on adding SSL first as > well. There *are* other filters that may or may not be added, which > should come after this. For example, I experimented with logging and > executor filters, and there is the write and read buffer filtering > too. Also, Rob, I take it you'll remove the commented out lines of > code when this is checked in? Anyone interested in the history can > browse SVN if they want. > > Yeah - there's other tidying I'd want to do to cut out all the duplication around excludes... I'd just quickly hacked it to work over the weekend - the other thing that needs to be added are some tests so that we can see if someone ever breaks SSL again. -- Rob
