Re: SSL + Virtual Hosts and Issue #489?

2008-07-30 Thread Bruno Harbulot
Hello, Following the changes in the way Components can be configured (latest subversion revisions), configuring SSL to use an SslContextFactory is now possible this way: 1. Using the DefaultSslContextFactory: <component xmlns="http://www.restlet.org/schemas/1.1/Component">

RE: SSL + Virtual Hosts and Issue #489?

2008-07-25 Thread Jerome Louvel
July 2008 17:48 To: discuss@restlet.tigris.org Subject: Re: SSL + Virtual Hosts and Issue #489? Alex Milowski wrote: On Wed, Jul 16, 2008 at 2:32 AM, Jerome Louvel [EMAIL PROTECTED] wrote: Hi Alex, I have added a paragraph on Confidentiality in the Securing applications page covering

RE: SSL + Virtual Hosts and Issue #489?

2008-07-21 Thread Jerome Louvel
. I'll reply to his mail separately. Best regards, Jerome -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Alex Milowski Sent: Friday 18 July 2008 15:59 To: discuss@restlet.tigris.org Subject: Re: SSL + Virtual Hosts and Issue #489? On Wed, Jul 16

Re: SSL + Virtual Hosts and Issue #489?

2008-07-18 Thread Alex Milowski
On Wed, Jul 16, 2008 at 2:32 AM, Jerome Louvel [EMAIL PROTECTED] wrote: Hi Alex, I have added a paragraph on Confidentiality in the Securing applications page covering this topic: http://wiki.restlet.org/docs_1.1/g1/13-restlet/29-restlet/99-restlet/46-restlet.html At some point, it might

Re: SSL + Virtual Hosts and Issue #489?

2008-07-18 Thread Bruno Harbulot
Alex Milowski wrote: On Wed, Jul 16, 2008 at 2:32 AM, Jerome Louvel [EMAIL PROTECTED] wrote: Hi Alex, I have added a paragraph on Confidentiality in the Securing applications page covering this topic: http://wiki.restlet.org/docs_1.1/g1/13-restlet/29-restlet/99-restlet/46-restlet.html At

RE: SSL + Virtual Hosts and Issue #489?

2008-07-16 Thread Jerome Louvel
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Alex Milowski Sent: Tuesday 15 July 2008 17:14 To: discuss@restlet.tigris.org Subject: Re: SSL + Virtual Hosts and Issue #489? On Sat, Jul 12, 2008 at 5:51 AM, Jerome Louvel [EMAIL PROTECTED] wrote: Hi

Re: SSL + Virtual Hosts and Issue #489?

2008-07-15 Thread Alex Milowski
On Sat, Jul 12, 2008 at 5:51 AM, Jerome Louvel [EMAIL PROTECTED] wrote: Hi Alex and Bruno, My understanding is that Alex wants this: - a single server socket accepting all HTTP requests - several SSL certificates selected depending on the matching virtual host I think this can't be done

RE: SSL + Virtual Hosts and Issue #489?

2008-07-12 Thread Jerome Louvel
-----Original Message----- From: news [mailto:[EMAIL PROTECTED] On behalf of Bruno Harbulot Sent: Thursday 10 July 2008 13:58 To: discuss@restlet.tigris.org Subject: Re: SSL + Virtual Hosts and Issue #489? Hi all, Bruno Harbulot wrote: 1. We assume there's going to be a single SSLContext common

Re: SSL + Virtual Hosts and Issue #489?

2008-07-10 Thread Bruno Harbulot
Hi all, Bruno Harbulot wrote: 1. We assume there's going to be a single SSLContext common to all servers of the component created via an SslContextFactory (it's set up in the Context of the Component). In theory, it should be possible to set up the SSLContext to use a custom X509KeyManager

Re: SSL + Virtual Hosts and Issue #489?

2008-07-09 Thread Bruno Harbulot
Hi Alex, Alex Milowski wrote: On Thu, Jul 3, 2008 at 2:36 PM, Bruno Harbulot [EMAIL PROTECTED] wrote: There can only be one certificate per IP address (unless using a different port), thus one certificate per connector. (An exception to this would be to use something like what GnuTLS does [1],

Re: SSL + Virtual Hosts and Issue #489?

2008-07-09 Thread Bruno Harbulot
Bruno Harbulot wrote: 2. We can set up two different Contexts for the two servers, using something along these lines: Component component = new Component(); Server server1 = new Server(Protocol.HTTPS, "host1.example.org", 8443, null); Server server2 = new Server(Protocol.HTTPS,

Re: SSL + Virtual Hosts and Issue #489?

2008-07-07 Thread Alex Milowski
On Thu, Jul 3, 2008 at 2:36 PM, Bruno Harbulot [EMAIL PROTECTED] wrote: There can only be one certificate per IP address (unless using a different port), thus one certificate per connector. (An exception to this would be to use something like what GnuTLS does [1], but I've never seen it used

RE: SSL + Virtual Hosts and Issue #489?

2008-07-03 Thread Jerome Louvel
, more likely part of Restlet 1.2. Best regards, Jerome -----Original Message----- From: news [mailto:[EMAIL PROTECTED] On behalf of Bruno Harbulot Sent: Wednesday 2 July 2008 16:45 To: discuss@restlet.tigris.org Subject: Re: SSL + Virtual Hosts and Issue #489? Hi Alex, I'll start

Re: SSL + Virtual Hosts and Issue #489?

2008-07-03 Thread Alex Milowski
On Wed, Jul 2, 2008 at 7:45 AM, Bruno Harbulot [EMAIL PROTECTED] wrote: Hi Alex, Any particular reason why you would need two pairs of private key/certificates in the same keystore in practice? If you want to use two certificates, you're going to have to configure two connectors anyway, so

Re: SSL + Virtual Hosts and Issue #489?

2008-07-03 Thread Bruno Harbulot
Hi Alex, Alex Milowski wrote: On Wed, Jul 2, 2008 at 7:45 AM, Bruno Harbulot [EMAIL PROTECTED] wrote: Hi Alex, Any particular reason why you would need two pairs of private key/certificates in the same keystore in practice? If you want to use two certificates, you're going to have to

Re: SSL + Virtual Hosts and Issue #489?

2008-07-02 Thread Bruno Harbulot
Hi Alex, I'll start with the short answer: the workaround you're using, which consists of putting a single pair of key/certificate (with associated chain of certificates perhaps) per keystore, seems to be the most practical solution. That's what I do, personally. I find it easier to manage