Hi Andreas, I agree with Asankha, please see my comments inline;
On Tue, Jul 21, 2009 at 12:01 AM, Asankha C. Perera <[email protected]> wrote:

> Andreas
> > Indika,
> >
> > What do you mean exactly by "enable to represent multiple identities
> > by synapse itself"?
> >
> Typically Customer A may give Synapse a certificate signed by itself,
> and ask Synapse to use it when talking to it. Similarly Customer B could
> do that. This means, that depending on the endpoint Synapse talks to, it
> needs to use a 'selected' identity certificate when doing 2-way SSL. I
> have seen this usually happen as sometimes, large organizations have
> their own CA etc. and want parties talking to them to use 'specific'
> client certificates.

I don't think I can explain this better than Asankha :-) but just for a fact it is a common scenario... We have a number of clients who are asking for this feature.

> Indika is also mentioning another - slightly different scenario, where
> Synapse needs to present multiple server certificates to its clients -
> however, this requires listening on multiple ports - and I do not think
> there is any other possibility at all to get around it. But this could
> be achieved fairly easily by allowing multiple https listeners on
> multiple sockets

I think you are absolutely correct, because at the SSL decryption (transport) layer you do not have the notion of a service and the message is not dispatched to the service. So it is not possible at all to get a reference to the cert specific to the service at this layer. So the approach is to keep multiple http listeners... I guess Amila has fixed an issue on axis2 which permits there being two transport listeners for the same protocol and will require a small fix to the NHTTP transport as well. With that the second requirement will be fulfilled.

Thanks,
Ruwan

> cheers
> asankha
>
> --
> Asankha C. Perera
> AdroitLogic, http://adroitlogic.org
>
> http://esbmagic.blogspot.com

--
Ruwan Linton
Technical Lead & Product Manager; WSO2 ESB; http://wso2.org/esb
WSO2 Inc.; http://wso2.org
email: [email protected]; cell: +94 77 341 3097
blog: http://ruwansblog.blogspot.com
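
One way to select a client identity per endpoint for 2-way SSL using the standard JSSE key manager hook, as an added example that is not part of this thread and not Synapse or Axis2 code. The class name, host names and keystore aliases are assumptions made for illustration.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.*;
// Hypothetical helper (not Synapse code): selects the client identity by endpoint host.
public class PerEndpointKeyManager extends X509ExtendedKeyManager {
    private final X509KeyManager delegate;         // backed by the keystore holding all identities
    private final Map<String, String> aliasByHost; // endpoint host -> keystore alias
    public PerEndpointKeyManager(X509KeyManager delegate, Map<String, String> aliasByHost) {
        this.delegate = delegate; this.aliasByHost = aliasByHost;
    }
    // Fail closed: an endpoint without a mapping is offered no client certificate at all.
    String aliasFor(String host) {
        return host == null ? null : aliasByHost.get(host.toLowerCase(Locale.ROOT));
    }
    @Override // non-blocking transports drive the handshake through an SSLEngine
    public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
        return engine == null ? null : aliasFor(engine.getPeerHost());
    }
    @Override // blocking sockets: take the host from the in-progress handshake session
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        if (!(socket instanceof SSLSocket)) return null;
        SSLSession hs = ((SSLSocket) socket).getHandshakeSession();
        return hs == null ? null : aliasFor(hs.getPeerHost());
    }
    // Key material and server-side selection are delegated unchanged.
    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty store for the demo; a real one holds one key entry per alias
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, new char[0]);
        PerEndpointKeyManager km = new PerEndpointKeyManager((X509KeyManager) kmf.getKeyManagers()[0],
                Map.of("customer-a.example", "identity-for-a", "customer-b.example", "identity-for-b")); // constructed
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { km }, null, null); // default trust managers
        for (String host : new String[] { "customer-a.example", "customer-b.example", "other.example" }) {
            System.out.println(host + " -> " + km.chooseEngineClientAlias(null, null, ctx.createSSLEngine(host, 443)));
        }
    }
}
```

The alias is resolved from the peer host the connection was opened to, so the mapping keys must match the host names configured on the endpoints.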
