> From: Scott Lewis <[email protected]>
>
> Hi Tom,
>
>> On 12/11/2013 5:47 AM, Thomas Watson wrote:
>> We may be able to put org.eclipse.osgi.service.security package in
>> supplemental, but would it be possible to have others supply a
>> different fragment that implements ECFTrustManager in another way?
>
> Possibly.  Could you explain what you have in mind?
>
>> Even if we move the org.eclipse.osgi.service.security API to the
>> supplement bundle you would still need an implementation of
>> TrustEngine to plug into ECFTrustManager.
>
> Yes... where (what bundle) is the Equinox TrustEngine implementation(s)?
>

A TrustEngine which is backed by a keystore is implemented by the Equinox
framework [1].  By default the framework registers a TrustEngine that is
backed by the CA certs usually provided by the VM installation, but the
framework can be configured to use a different keystore if desired.  I'm
not sure if in your SSL scenarios some other entity is also registering a
TrustEngine service.  My thought was that some other fragment could be
implemented that provides an alternative implementation of ECFTrustManager
that simply looks at the CA certs keystore itself instead of using a
TrustEngine service to do that work for it.

Tom

[1]
http://git.eclipse.org/c/equinox/rt.equinox.framework.git/tree/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/service/security/KeyStoreTrustEngine.java
_______________________________________________
equinox-dev mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/equinox-dev
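
The alternative described in the message above, a trust manager that reads the CA certs keystore directly instead of going through a TrustEngine service, could look like the following. This is an added example, not code from the thread, ECF or Equinox; the class name CaCertsTrustManager is hypothetical and it implements the standard javax.net.ssl.X509TrustManager, since the ECFTrustManager source is not shown here.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical class: validates peers against the JVM's CA store, with no TrustEngine service. */
public final class CaCertsTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;

    public CaCertsTrustManager() throws GeneralSecurityException {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore selects the JVM default trust store: the one named by
        // javax.net.ssl.trustStore if set, otherwise the cacerts file shipped with the VM.
        tmf.init((KeyStore) null);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        // Fail closed: without a usable trust manager nothing may be accepted.
        if (found == null) throw new GeneralSecurityException("no X509TrustManager available");
        delegate = found;
    }

    // The CertificateException from the delegate is propagated, never swallowed,
    // so an untrusted chain always aborts the handshake.
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }
    @Override public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }

    public static void main(String[] args) throws Exception {
        CaCertsTrustManager tm = new CaCertsTrustManager();
        System.out.println("trusted CA certificates: " + tm.getAcceptedIssuers().length);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null); // sockets from ctx now use tm
    }
}
```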
