Hi Chris, Bruno Harbulot wrote: > Hi Chris, > > [email protected] wrote: >> I use Restlet Version 1.1 >> >> I tried it this way: >> >> Client client = new Client(new Context(), Protocol.HTTPS); >> Context con = client.getContext(); >> Series<Parameter> param1 = con.getParameters(); >> param1.add("sslContextFactory","MySSLContextFactory"); >> >> where MySSLContextFactory has the base class >> com.noelios.restlet.util.SslContextFactory >> >> But it is not working that way. > > Can you clarify how it's not working? > > > There's more documentation here: > [1] http://wiki.restlet.org/docs_1.1/13-restlet/27-restlet/46-restlet.html > [2] http://wiki.restlet.org/docs_1.1/13-restlet/28-restlet/153-restlet.html > > > There is a difference between using parameters and attributes when > setting the context (as mentioned in [1]). > When passing the settings via parameters, "sslContextFactory" must be a > class name, and you should also pass whatever other parameters your > SslContextFactory expects (I'm not sure what they are in your case). > This is more or less what's described in [2] for PkixSslContextFactory. > Most of the "keyStore*" parameters also work for the > DefaultSslContextFactory. > > > If you want to pass an SslContextFactory that has already been > configured (perhaps with more advanced options), you might want to pass > the instance via the "sslContextFactory" /attribute/ in the context, in > which case the value of the "sslContextFactory" /parameter/ will be ignored. > > This could look like this, for example: > > import org.jsslutils.sslcontext.PKIXSSLContextFactory; > import org.jsslutils.sslcontext.trustmanagers.GsiWrappingTrustManager; > > final PKIXSSLContextFactory sslContextFactory = new > PKIXSSLContextFactory(..., ..., ...); > for (String crl : ...) { > sslContextFactory.addCrl(crl); > } > > sslContextFactory.setTrustManagerWrapper(new > GsiWrappingTrustManager.Wrapper()); > > server.getContext().getAttributes().put("sslContextFactory", > new SslContextFactory() { > @Override > public SSLContext createSslContext() throws Exception { > return sslContextFactory.buildSSLContext(); > } > > @Override > public void init(Series<Parameter> parameters) { > } > });
Sorry, I've just realised I had missed the point of the question: the client (whereas my example is for a server). SslContextFactories are not currently supported on the client side. For more details, see: http://restlet.tigris.org/issues/show_bug.cgi?id=586#desc4 There are ways around this. You can create an SSLContextFactory with jSSLutils and create an SSLContext out of it. If you're using Java 6 and the default Java connector, you can set this SSLContext using SSLContext.setDefault(...). If you're using the Apache HTTP client connector, use the method described in issue #586, with this http://code.google.com/p/jsslutils/wiki/ApacheHttpClientUsage In both cases, the settings will be global for all your client connectors. Best wishes, Bruno. ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1028330
