Re: [HttpComponents] Home for NIO SSL

Fri, 09 Feb 2007 11:30:56 -0800 

On Fri, 2007-02-09 at 10:59 -0800, Julius Davies wrote:
> +1.
> 
> I think it's a good idea.  Will it be a separate jar file distributed
> alongside the main httpclient.jar?  (e.g.  http-nio-ssl-java5.jar?)
> 
> Oleg, I'm curious if not-yet-commons-ssl should include a tiny bit bit
> of support for this?  All I need to do is make the SSLContext
> available, right?  So maybe people could do these kinds of things
> before passing the SSLContext off to your module:
> 
> SSL ssl = new SSL();
> ssl.setCheckExpiry( false );
> ssl.setCheckCRL( true );
> ssl.setTrustMaterial( TrustMaterial.TRUST_ALL );
> ssl.setKeyMaterial( km );
> SSLContext context = ssl.getSSLContext();
> 
> passOffToOleg( context );
> 

Julius,

You'll see that NIO SSL and not-yet-commons-ssl will make together an
ultimate kick-ass combo. The I/O session SSL decorator needs a fully
initialized SSLContext to do its magic and this is where
not-yet-commons-ssl would come very handy:

    public IOSessionSSLDecorator(
            final IOSession session, 
            final SSLContext sslContext) {
...

Oleg


> Unfortunately, setCheckHostname( true ) won't work, since it happens
> after the socket is established.  (There's no nice way that I can
> think of to pass the hostname into the X509TrustManager).
> 
> yours,
> 
> Julius
> 
> 
> On 2/9/07, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote:
> > Folks,
> >
> > I am very likely to have my first cut at NIO SSL ready for review by the
> > end of this weekend. I would like to be able to commit this code to the
> > repository and ask the Synapse folks to take it for a spin and give me
> > some preliminary feedback.
> >
> > I proposed a Java5 specific module be created in HttpCore to contain NIO
> > SSL stuff and a few adapter classes for java.util.concurrent interfaces.
> > Apparently the idea was not well received by Roland and I have not heard
> > any strong opinions in favor of it from other committers. So, we are
> > kind of stuck. What do we do now? What are the alternatives?
> >
> > Oleg
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to