On 4-Apr-07, at 4:16 AM, Jerome Louvel wrote:
Hi Toby,
Do you want to get an instance of javax.net.ssl.SSLSession? This
seems to
contain quite useful info. But I also see that you can use
getSessionContext() to gain access to other sessions... May this be a
confidentiality issue?
What are the SSL session properties that you are actually
interested in?
I'm only interested in the session in which a request arrived. I'd
like to inspect client certificate (getPeerCertificates()). This is
normally possible, e.g. Apache's mod_ssl provides these: http://
www.modssl.org/docs/2.8/ssl_reference.html#ToC25
I also wish to require client authentication (setNeedClientAuth() on
the SSLSocket).
--Toby
Best regards,
Jerome
-----Message d'origine-----
De : Toby Thain [mailto:[EMAIL PROTECTED]
Envoyé : mardi 3 avril 2007 21:52
À : [email protected]
Objet : SSLSession parameters?
Hi,
I'd like to access some of the SSL session parameters for an HTTPS
protocol handler. My head is spinning from looking at the source
code. Can somebody drop me a simple clue as to approach, or should I
just forget about the idea? :-)
TIA,
--Toby
