Niklas Gustavsson commented on FTPSERVER-93:

I have run into problems implementing this request. The X509ExtendedKeyManager 
only exist from Java 1.5 and we still support 1.4, so that is currently out of 
the questions.

Instead, I took the same approach as Tomcat (actually copied the class) but I 
run into very odd problems where the MINA based listener won't find a matching 
key for the SSL handshake. Note that this was without actually using an alias 
(just passing to the delegate key manager), in fact none of the methods on the 
key manager is ever called (it seems like the key manager is not deemed 
appropriate when JSSE looks for keys). I have no idea why, any help is welcome!

> Support for alias when configuring SSL
> --------------------------------------
>                 Key: FTPSERVER-93
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-93
>             Project: FtpServer
>          Issue Type: Wish
>          Components: Core
>    Affects Versions: 1.0-M1
>            Reporter: Steve Jones
>            Assignee: Niklas Gustavsson
>             Fix For: 1.0-M2
> Configuration for the the SSL listeners should support an "alias".
> This would allow a particular key to be selected from a keystore.
> For reference, here's the tomcat class that does this:
>   org.apache.tomcat.util.net.jsse.JSSEKeyManager.java
> The only tricky part that I am aware of is that for JKS keystores the alias 
> should be converted to all lower case.
> Also for reference, this is the extended X509 key manager that uses aliases:
> http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/X509ExtendedKeyManager.html

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

Reply via email to