Hakky54 commented on PR #706: URL: https://github.com/apache/tomcat/pull/706#issuecomment-2168908756
> This wrapper class appears to specifically discard the key managers and trust managers.

I used my own example from my own project to demonstrate the usage of it within the PR description, however the code changes are slightly different. It has a constructor requiring the SSLContext, KeyManager and TrustManager.

> The constructor captures its arguments and then ignores them forever after that. Why bother capturing them in the first place?

Well, actually it is using the KeyManager and TrustManager, see here: https://github.com/apache/tomcat/pull/706/files#diff-8ed2a43a8b2f354b707c0fdb8cd5b794e5a476ecbf603b2ba69af5eea18b3cc4R73-R81

So it is using all of the objects from the constructor, even the SSLContext itself. It just acts as a wrapper to simplify the usage of a custom `org.apache.tomcat.util.net.SSLContext`.

> If the goal is to allow "instant" reloading of the SSL configuration... that capability already exists in Tomcat.

In my pull request description I mentioned the usage of ssl reloading, but this was an example to demonstrate how I used it with the resulting wrapper which I needed to add to provide a custom ssl configuration. So I wanted to point out there that the developer who wants to have a custom ssl configuration always needs to create a wrapper on their side or else it won't work. So the reloading of tomcat was just an example but I use it also for different use cases, such as:

- Combining custom truststore, cacert and System keystore as a TrustManager
- Fetching certificates as pem from a database and constructing the KeyManager and TrustManager
- Using a custom TrustManager which can prompt when the certificate is not trusted yet and whether it needs to be trusted, so it can be added to the existing list of trusted certificates
- Managing ssl sessions

It might be that I am the only developer who is working on this kind of edge case...
So all of these scenarios are actually already working for me while using the [wrapper class](https://github.com/apache/tomcat/pull/706/files#diff-8ed2a43a8b2f354b707c0fdb8cd5b794e5a476ecbf603b2ba69af5eea18b3cc4). I thought it would be nice to move it to apache tomcat to simplify the usage of it.
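A sketch of the wrapper pattern this comment discusses, as an added example that is not the code from PR #706: it adapts a `javax.net.ssl.SSLContext` that the caller has already initialised to Tomcat's `org.apache.tomcat.util.net.SSLContext` interface. The class name `PreconfiguredSSLContext` and the choice to make `init` a no-op are assumptions of this example.

```java
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

// Hypothetical class name; illustrative only, not the PR's implementation.
public final class PreconfiguredSSLContext implements org.apache.tomcat.util.net.SSLContext {

    private final javax.net.ssl.SSLContext delegate; // must already be initialised by the caller
    private final X509KeyManager keyManager;
    private final X509TrustManager trustManager;

    public PreconfiguredSSLContext(javax.net.ssl.SSLContext delegate,
                                   X509KeyManager keyManager,
                                   X509TrustManager trustManager) {
        this.delegate = Objects.requireNonNull(delegate, "delegate");
        this.keyManager = Objects.requireNonNull(keyManager, "keyManager");
        this.trustManager = Objects.requireNonNull(trustManager, "trustManager");
    }

    // Assumption of this example: the managers Tomcat derives from its own
    // connector configuration are not applied, so every trust decision comes
    // from the managers the delegate was built with.
    @Override public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) { }

    @Override public void destroy() { }

    // Engine, socket factory, parameters and session cache come from the delegate.
    @Override public SSLSessionContext getServerSessionContext() { return delegate.getServerSessionContext(); }
    @Override public SSLEngine createSSLEngine() { return delegate.createSSLEngine(); }
    @Override public SSLServerSocketFactory getServerSocketFactory() { return delegate.getServerSocketFactory(); }
    @Override public SSLParameters getSupportedSSLParameters() { return delegate.getSupportedSSLParameters(); }

    // The captured managers answer Tomcat's certificate queries.
    @Override public X509Certificate[] getCertificateChain(String alias) { return keyManager.getCertificateChain(alias); }
    @Override public X509Certificate[] getAcceptedIssuers() { return trustManager.getAcceptedIssuers(); }
}
```

With a no-op `init`, the truststore and keystore attributes on the connector no longer decide which peers are trusted, so the managers passed to the constructor are the ones to review and audit.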