On 27-Apr-07, at 11:42 AM, Jerome Louvel wrote:


Please do experiment with Simple, this improvement could be part of the upcoming 1.1 branch that we will create after 1.0.1 release next week. I can take care of other connectors if needed.

It's already on the same ticket as my other SSL concern (accessing session parameters). If they were both done in 1.1, it would be great for me. :)

http://restlet.tigris.org/issues/show_bug.cgi?id=281

--Toby


Best regards,
Jerome

-----Original Message-----
From: Chuck Hinson [mailto:[EMAIL PROTECTED]
Sent: Friday, April 27, 2007 16:20
To: [email protected]
Subject: RE: RE: RE: 2-way SSL authentication

I intend to do the experiment with the Simple adapter - as
long as our project direction permits.

I did not look at the other adapters, but any adapter that
works similarly to the Simple one and uses the Java SSLSocket
should be configurable in the same way as the Simple adapter.

--Chuck

-----Original Message-----
From: Jerome Louvel [mailto:[EMAIL PROTECTED]
Sent: Friday, April 27, 2007 9:53 AM
To: [email protected]
Subject: RE: RE: 2-way SSL authentication


OK, that's clear now :)

If you could experiment with your proposition on the Simple
HTTPS connector, that would be great. We could then apply it
to other connectors.

For the ServerServlet adapter, I think this would be the
responsibility of the Servlet container to provide this
feature. I don't think that the Servlet API itself allows
configuring this aspect.

Best regards,
Jerome

-----Original Message-----
From: Chuck Hinson [mailto:[EMAIL PROTECTED]
Sent: Friday, April 27, 2007 15:21
To: [email protected]
Subject: RE: RE: 2-way SSL authentication

No, I mean SSL with client authentication - i.e., rather than just the
server authenticating itself to the client (by sending its server
cert), both the client and the server authenticate with each other.

I did look at the code for the Simple HttpsServerHelper and it appears
that it would be relatively simple to accomplish this.  The main issue
would be to change the call to SSLContext.init() to include the
TrustManagers along with the KeyManagers - along the lines of:

sslContext.init(keyManagerFactory.getKeyManagers(),
        trustManagerFactory.getTrustManagers(), null);

This would require some additional properties in order to be able to
specify the location of the trust store and password along with
specifying whether or not client authentication is not asked for at
all; asked for but not required; or required.

I suspect that a similar solution exists for the Servlet server helper
if not all of the other helpers.

--Chuck

-----Original Message-----
From: Jerome Louvel [mailto:[EMAIL PROTECTED]
Sent: Friday, April 27, 2007 1:48 AM
To: [email protected]
Subject: RE: 2-way SSL authentication


Chuck,

Sorry I'm not sure I understand. Do you mean reusing the exact same
SSL socket?

Otherwise a single Restlet application can use an HTTPS server and
client connector at the same time. But it seems that you are looking
for more, right?

Best regards,
Jerome

-----Original Message-----
From: Chuck Hinson [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 26, 2007 17:45
To: [email protected]
Subject: 2-way SSL authentication

Does anyone know if it is possible to use Restlets in scenarios where
https with 2-way/client authentication is required (server-side and
client-side)?

-Chuck

------------------------------------
Chuck Hinson
Gestalt LLC
phone: 610.994.2833
IM: chucking24 (Yahoo)
