Hi, Httpclient,

Thanks for the kind words, Odi, Oleg, Sebb - and thanks for looking at the code!

I read the link Oleg provided [1], and Sebb has a point - I think I need myself and my employer to fill out these two forms and fax them in:

http://www.apache.org/licenses/cla-corporate.txt
http://www.apache.org/licenses/icla.txt

I'll try and get that done soon - hopefully it won't take more than two weeks.

Personally right now I prefer the idea of a separate "Commons" project. Would anyone like to put this code inside the "Commons-Sandbox"? I'm leaning this way for three reasons -

1. I see some activity in commons-net recently about implementing SFTP - and I think this code could help there. (Mind you - they've done a pretty good job already by the look of things!)

2. I am somewhat vain and dream of one day having a jar file I helped create sit in tomcat/server/lib.

3. I *really* like typing "java -jar commons-ssl.jar" to use that ssl-ping utility. But this would require a permanent stealing of Base64 :-( [I already use that ssl-ping utility at least one or two times a week!]

But I would also hate to create ANOTHER jar file dependency for httpclient - so I'm torn. We could always put this code inside HTTPComponents for now, and split it out later into a separate sub-project if that made sense at some future time.

Could we maybe have a vote? Once the faxes of the "Contributor Licenses" are in, I will send in a JIRA bugreport.

yours,

Julius

-----Original Message-----
From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
Sent: Thu 5/4/2006 1:18 AM
To: HttpClient Project
Cc:
Subject: Re: attempt at implementing "commons-ssl"

On Wed, 2006-05-03 at 17:25 -0700, Julius Davies wrote:
> Hi, Httpclient,
>
> My employer (Credit Union Central of British Columbia) has given me
> permission to donate some code to Apache. This code comes from my
> earlier attempt on this list to get HTTPClient to accept self-signed
> certificates.
>
> Here's the code:
> http://juliusdavies.ca/commons-ssl/
>
>

Hi Julius,

Starting a whole new project within Jakarta Commons is a difficult proposition.
You will have to submit a formal sub-project proposal for consideration and that involves a lot of work and certain preconditions. Please refer to the Jakarta Subproject Proposals [1] for details.

If you do not mind donating just certain pieces rather than the whole thing, I am sure we can find a home for most of those classes within HttpComponents (proper or contrib).

Cheers,

Oleg

[1] http://jakarta.apache.org/site/newproject.html

> The way it works looks like this:
>
> SSLClient client = new SSLClient();
> client.addTrustMaterial( TrustMaterial.CACERTS );
> client.addTrustMaterial( new TrustMaterial( "/path/to/cert.pem" ) );
> SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );
>
> I put in a createSocket() that takes a timeout integer value to make
> your life easier.
>
> I've put in a "ping" utility I'm finding very handy. It writes "HEAD /
> HTTP/1.1" on a socket and then spits out any errors, including
> certificate chains (in Base64 PEM format). It's the default class in
> the manifest, so all you need to use it is run:
>
> java -jar commons-ssl.jar
>
> Here's what it spits out if you don't specify any options:
>
> ==============================================================
> Usage: java -jar commons-ssl.jar [options]
> Options: (*=required)
> * -t --target [hostname[:port]] default port=443
>   -b --bind [hostname[:port]] default port=0 "ANY"
>   -c --client-cert [path to client certificate] *.jks or *.pfx
>   -p --password [client cert password]
>
> Example:
>
> java -jar commons-ssl.jar -t cucbc.com:443 -c ./client.pfx -p `cat ./pass.txt`
> ==============================================================
>
> Here's what it spits out after a successful run:
>
> $ java -jar commons-ssl.jar -t www.cucbc.com
>
> Writing:
> ================================================================================
> HEAD / HTTP/1.1
> Host: www.cucbc.com
>
> Reading:
> ================================================================================
> HTTP/1.1 200 OK
> Date: Thu, 04 May 2006 00:22:27 GMT
> Server: Apache/2.0.46 (Red Hat)
> Accept-Ranges: bytes
> Connection: close
> Content-Type: text/html; charset=UTF-8
>
> Server Certificate for: [www.cucbc.com/64.114.5.46:443]
> ================================================================================
> s.0: CN=www.cucbc.com, O=Credit Union Central of British Columbia,
> L=Vancouver, ST=British Columbia, C=CA
> i.0: [EMAIL PROTECTED], CN=Thawte Premium Server CA, OU=Certification
> Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
> -----BEGIN CERTIFICATE-----
> MIIDdjCCAt+gAwIBAgIDIhV6MA0GCSqGSIb3DQEBBAUAMIHOMQswCQYDVQQGEwJa
> QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAb
> BgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0
> aW9uIFNlcnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBT
> ZXJ2ZXIgQ0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5j
> b20wHhcNMDUxMTEwMTkxMzE3WhcNMDYxMTEwMTkxMzE3WjCBhzELMAkGA1UEBhMC
> Q0ExGTAXBgNVBAgTEEJyaXRpc2ggQ29sdW1iaWExEjAQBgNVBAcTCVZhbmNvdXZl
> cjExMC8GA1UEChMoQ3JlZGl0IFVuaW9uIENlbnRyYWwgb2YgQnJpdGlzaCBDb2x1
> bWJpYTEWMBQGA1UEAxMNd3d3LmN1Y2JjLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
> jQAwgYkCgYEAr6PzKwELErUMueWqE7c+BDw9Cp2zNyivHmLWKpL/82xQCq+VG6Nx
> OFVpg7rLMMgkbabFD5F8bC63ALaURfxtggWBOCpaHhr78F25rolWPRfpaGtjXeMk
> Of3t/LeGImdljAqetHft51i6SE1EKxD8du9eTN7wNI7Sj8olgHY2MgkCAwEAAaOB
> pjCBozAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQAYDVR0fBDkwNzA1
> oDOgMYYvaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVByZW1pdW1TZXJ2ZXJD
> QS5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50
> aGF3dGUuY29tMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAl0DrUmw2
> 2+ua2oh1mpxcqOlHAhW3DJvHd2dXYrEYivd0cJ1mFJahfGDfbM2VuFkKgTgKF3Wu
> /fzH8AERAuYz80WGifvXk3U3CgxOT0Cuv2MzaNMUuNw76iZmNjD9Rfh3flA+HWZj
> kkpeS0oIu2QDgK1tN3TAfGWMaU9p50r5W9E=
> -----END CERTIFICATE-----
>
> It even prints out the certificates if the SSL handshake fails, so that
> can be very handy when you've got miscreant client certificates or typos
> in your truststores!
>
> If you would like to read the code, or try playing with it, please check
> out this URL:
>
> http://juliusdavies.ca/commons-ssl/
>
> Unfortunately I haven't included a build script yet, but just going into
> the "org/apache/commons/ssl" directory and typing "javac *.java" does
> the trick. There are no dependencies at this time (for now I've stolen
> Base64.java from commons-codec!).
>
>
> What should I do to try and get a new "commons-ssl" project started? If
> this code is accepted, I would like to bring HTTPClient's "contrib-ssl"
> into the HTTPClient 4.0 branch, and depend on "commons-ssl".
>
> Sorry if I'm a little breathless. I'm pretty excited.
>
>
>
> yours,
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
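
The "ping" behaviour described in the quoted message (send `HEAD / HTTP/1.1`, then print the server's certificate chain even when the handshake fails), as an added example that is not part of the original thread and is not commons-ssl code. It uses only standard JSSE classes; the class name `SslPingSketch`, the `Recorder` helper, the fixed port 443 and the default host are assumptions for illustration.

```java
import javax.net.ssl.*;
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Base64;

public class SslPingSketch {                       // hypothetical name, not a commons-ssl class
    // Remembers the presented chain, then defers to the JVM's default trust manager.
    static final class Recorder implements X509TrustManager {
        final X509TrustManager jvm;
        X509Certificate[] seen = new X509Certificate[0];
        Recorder(X509TrustManager jvm) { this.jvm = jvm; }
        public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
            seen = c.clone();                      // keep a copy before validation can throw
            jvm.checkServerTrusted(c, a);          // validation itself is not weakened
        }
        public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { jvm.checkClientTrusted(c, a); }
        public X509Certificate[] getAcceptedIssuers() { return jvm.getAcceptedIssuers(); }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "www.example.org";   // placeholder target (assumption)
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);                 // null selects the JVM default truststore (cacerts)
        Recorder rec = new Recorder((X509TrustManager) tmf.getTrustManagers()[0]);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { rec }, null);
        try (Socket raw = new Socket()) {
            raw.connect(new InetSocketAddress(host, 443), 5000);       // connect timeout, 5 s
            raw.setSoTimeout(5000);                                    // read timeout, 5 s
            SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(raw, host, 443, true);
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");             // enforce hostname match
            s.setSSLParameters(p);
            s.startHandshake();
            s.getOutputStream().write(("HEAD / HTTP/1.1\r\nHost: " + host
                    + "\r\nConnection: close\r\n\r\n").getBytes(StandardCharsets.US_ASCII));
            BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream(), StandardCharsets.ISO_8859_1));
            for (String l; (l = in.readLine()) != null && !l.isEmpty(); ) System.out.println(l);
        } catch (IOException e) {
            System.out.println("Handshake or I/O failed: " + e);
        }
        for (int i = 0; i < rec.seen.length; i++) {                    // printed on success and on failure
            System.out.println("s." + i + ": " + rec.seen[i].getSubjectX500Principal().getName());
            System.out.println("i." + i + ": " + rec.seen[i].getIssuerX500Principal().getName());
            System.out.println("-----BEGIN CERTIFICATE-----\n" + Base64.getMimeEncoder(64, new byte[] {'\n'})
                    .encodeToString(rec.seen[i].getEncoded()) + "\n-----END CERTIFICATE-----");
        }
    }
}
```

Because the chain is copied before the default trust manager runs, an untrusted, expired or hostname-mismatched certificate is still printed for inspection while the connection itself is refused.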