Or even better, in SSLInterceptor. No need to change Request
or the core -
if it can be done in a module, it's better to do it this way.
A la mod_ssl :)
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
On 14 Nov 2001, Eric Rescorla wrote:
Well, I suppose that since JDK 1.1.x didn't stop you from putting
classes in java. I could do my own version of
java.security.cert.X509Certificate. A little gross but perhaps
the best plan. The alternative is to blatantly
I was thinking of moving it to Http10Interceptor.getInfo, but otherwise that
was more or less what I was thinking.
- Original Message -
From: jean-frederic clere [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Friday, November 16, 2001 3:10 AM
Subject: Re: Portable
William Barker [EMAIL PROTECTED] writes:
I was thinking of moving it to Http10Interceptor.getInfo, but otherwise that
was more or less what I was thinking.
Actually, ISTM that eventually this belongs in Request.getInfo(), since
that allows the use of SSLSupport with Ajp as well. For the
On 16 Nov 2001, Eric Rescorla wrote:
William Barker [EMAIL PROTECTED] writes:
I was thinking of moving it to Http10Interceptor.getInfo, but otherwise that
was more or less what I was thinking.
Actually, ISTM that eventually this belongs in Request.getInfo(), since
that allows the use of
Developers List [EMAIL PROTECTED]
Sent: Friday, November 16, 2001 1:42 PM
Subject: Re: Portable SSL Support
William Barker [EMAIL PROTECTED] writes:
I was thinking of moving it to Http10Interceptor.getInfo, but otherwise
that
was more or less what I was thinking.
Actually, ISTM that eventually
+1
- Original Message -
From: [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]; EKR
[EMAIL PROTECTED]
Sent: Friday, November 16, 2001 1:53 PM
Subject: Re: Portable SSL Support
On 16 Nov 2001, Eric Rescorla wrote:
William Barker [EMAIL PROTECTED] writes:
I
Speed [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Wednesday, November 14, 2001 11:39 AM
Subject: Re: Portable SSL Support
Eric Rescorla wrote:
[snip]
To be consistant with 2.3 containers, I'd go with individually named
attributes.
Fine with me
Eric Rescorla wrote:
Eric Rescorla wrote:
jean-frederic clere [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
With JDK 1.1.x and AJP a null is returned.
With JDK 1.1.x should the CC be returned as a String? (I thought it was).
It's certainly not in the JSSE code I was
On Thu, 15 Nov 2001, jean-frederic clere wrote:
Yes, but the question is what does it costs to setAttribute each time we process
a request even if the servlet does not do a getAttribute.
Yes, this is a good point. This suggests that we ought to just
expose SSLSupport as a single
On Wed, 14 Nov 2001, Paul Speed wrote:
Eric Rescorla wrote:
[snip]
To be consistant with 2.3 containers, I'd go with individually named
attributes.
Fine with me. Anyone object to this?
-Ekr
I'm confused. Is this for Tomcat 3.x or Tomcat 4.x? I thought it
was the former,
On 14 Nov 2001, Eric Rescorla wrote:
Well, I suppose that since JDK 1.1.x didn't stop you from putting
classes in java. I could do my own version of
java.security.cert.X509Certificate. A little gross but perhaps
the best plan. The alternative is to blatantly violate the spec
in 1.1 and just
Eric Rescorla wrote:
[EMAIL PROTECTED] writes:
Setting the socketFactory can force one behavior or another, but for
'regular' users it should be possible to just set secure and the code
to detect what is available and use it.
I can do this.
IMHO it's a mistake to rely on that
jean-frederic clere [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
[EMAIL PROTECTED] writes:
One simple workaround could be to abstract acceptSocket() too ( i.e. make
it a method in ServerSocketFactory or SSLSupport).
Yes, we could do that. It's a little ugly but it avoids having a
William Barker [EMAIL PROTECTED] writes:
If you decide on 2a, like Costin, I'd prefer it as a property of the
SocketFactory (the base class can return null, since Ajp1x would use it's
own mechanism) rather than an interface. However, it's your call.
I ended up doing more or less what I
jean-frederic clere [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
A few issues remain:
(I) Is portability to JDK 1.1.x desirable/a requirement? Both the
existing JSSE code and my new code rely upon java.security.cert.*
which was introduced in JDK 1.2. Both JSSE and PureTLS provide more
- Original Message -
From: Eric Rescorla [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, November 14, 2001 9:17 AM
Subject: Re: Portable SSL Support
jean-frederic clere [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
A few
William Barker [EMAIL PROTECTED] writes:
jean-frederic clere [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
A few issues remain:
(I) Is portability to JDK 1.1.x desirable/a requirement? Both the
existing JSSE code and my new code rely upon java.security.cert.*
which was
Eric Rescorla wrote:
As discussed on the list previously, I'm working on changing the SSL
interfaces in Tomcat to make them more portable to various SSL
toolkits, in particular PureTLS. In the process I've run into some
issues that I wanted to run by the list.
1. I don't see how to make
jean-frederic clere [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
As discussed on the list previously, I'm working on changing the SSL
interfaces in Tomcat to make them more portable to various SSL
toolkits, in particular PureTLS. In the process I've run into some
issues that I
On Mon, 12 Nov 2001, Eric Rescorla wrote:
1. I don't see how to make the switch-hit via a configuration file in
3.3. If you set the secure variable for your virtual server,
PoolTCPConnector tries to load the class named in socketFactoryName,
or, if null, the class named in SSL_FACT
[EMAIL PROTECTED] writes:
Setting the socketFactory can force one behavior or another, but for
'regular' users it should be possible to just set secure and the code
to detect what is available and use it.
I can do this.
IMHO it's a mistake to rely on that behavior since it's kind of a
]
Sent: Tuesday, November 13, 2001 8:52 AM
Subject: Re: Portable SSL Support
3. Originally I'd intended to have ServerSockets return a class
that subclassed SSLSupport. E.g.
class PureTLSSSLSocket extends SSLSocket implements SSLSupport {
...
}
Unfortunately, as I should have seen
23 matches
Mail list logo