Re: Support JSS in Tomcat
Hi, I am working for Redhat and I dont think this is a problem of contributing the codes to the ASF. What kind of procedures I need to follow in order to submit my codes? thanks, Christine --- Bill Barker [EMAIL PROTECTED] wrote: - Original Message - From: Christine Ho [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org; [EMAIL PROTECTED] Sent: Friday, July 22, 2005 10:22 AM Subject: Re: Support JSS in Tomcat --- Bill Barker [EMAIL PROTECTED] wrote: I don't think that anybody is proposing bundling jss34.jar with Tomcat. It would be an optional dependency much like PureTLS is now. Anybody that wanted to use it would have to download it from mozilla.org and install it. And as Remy pointed out, Christine would have to agree to donate her code to the ASF, at which point it would be licensed under ASFL. I have no problem to donate the codes to the ASF. I just need the approval from my manager because the code is owned by the company. Since the code is owned by the company, you should probably take a look at http://www.apache.org/licenses/#grants. I'm not trying to be a hard-ass, it's just that I have an irrational fear of lawyers ;-). Besides jss.jar, people also need to download two shared libraries, nspr and nss from mozilla.org because JSS is not pure JAVA implementation. Christine My reading of MPL-1.1 (again IANAL) is that: import org.mozilla.some.package.SomeClass; isn't viral, so that there isn't any problem with having o.a.t.u.net.jss.JSSServerSocketFactory with an ASF license. This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Support JSS in Tomcat
- Original Message - From: Christine Ho [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Wednesday, August 10, 2005 10:44 AM Subject: Re: Support JSS in Tomcat Hi, I am working for Redhat and I dont think this is a problem of contributing the codes to the ASF. What kind of procedures I need to follow in order to submit my codes? And just after I WONTFIXed Joe's bug report :(. It's likely that Redhat has a Corporate CLA on file with the ASF that would cover this. If so, then they just need to add your name to their contributer list (if it's not already there). It's likely that somebody at Redhat knows the relationship with ASF better than I do. All I know is that [EMAIL PROTECTED] is very active with httpd. Then all you have to do is to open an enhancement request at http://issues.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%205 and add your code as one or more attachements. thanks, Christine This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Support JSS in Tomcat
--- Bill Barker [EMAIL PROTECTED] wrote: I don't think that anybody is proposing bundling jss34.jar with Tomcat. It would be an optional dependency much like PureTLS is now. Anybody that wanted to use it would have to download it from mozilla.org and install it. And as Remy pointed out, Christine would have to agree to donate her code to the ASF, at which point it would be licensed under ASFL. I have no problem to donate the codes to the ASF. I just need the approval from my manager because the code is owned by the company. Besides jss.jar, people also need to download two shared libraries, nspr and nss from mozilla.org because JSS is not pure JAVA implementation. Christine My reading of MPL-1.1 (again IANAL) is that: import org.mozilla.some.package.SomeClass; isn't viral, so that there isn't any problem with having o.a.t.u.net.jss.JSSServerSocketFactory with an ASF license. Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Support JSS in Tomcat
- Original Message - From: Christine Ho [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org; [EMAIL PROTECTED] Sent: Friday, July 22, 2005 10:22 AM Subject: Re: Support JSS in Tomcat --- Bill Barker [EMAIL PROTECTED] wrote: I don't think that anybody is proposing bundling jss34.jar with Tomcat. It would be an optional dependency much like PureTLS is now. Anybody that wanted to use it would have to download it from mozilla.org and install it. And as Remy pointed out, Christine would have to agree to donate her code to the ASF, at which point it would be licensed under ASFL. I have no problem to donate the codes to the ASF. I just need the approval from my manager because the code is owned by the company. Since the code is owned by the company, you should probably take a look at http://www.apache.org/licenses/#grants. I'm not trying to be a hard-ass, it's just that I have an irrational fear of lawyers ;-). Besides jss.jar, people also need to download two shared libraries, nspr and nss from mozilla.org because JSS is not pure JAVA implementation. Christine My reading of MPL-1.1 (again IANAL) is that: import org.mozilla.some.package.SomeClass; isn't viral, so that there isn't any problem with having o.a.t.u.net.jss.JSSServerSocketFactory with an ASF license. This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Support JSS in Tomcat
Christine Ho wrote: Thanks. It works. JSS can be used under either Mozilla Public License (MPL) or LGPL. Is MPL or LGPL compatible with ASF license? The good thing about JSS is that it is FIPS-140 compliant. First, the Tomcat portion of the code needs to be donated to the ASF. The code cannot import LGPL packages, but I don't know about MPL (I'd say it's ok). Rémy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Support JSS in Tomcat
- Original Message - From: Remy Maucherat [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Thursday, July 21, 2005 3:03 AM Subject: Re: Support JSS in Tomcat Christine Ho wrote: Thanks. It works. JSS can be used under either Mozilla Public License (MPL) or LGPL. Is MPL or LGPL compatible with ASF license? The good thing about JSS is that it is FIPS-140 compliant. First, the Tomcat portion of the code needs to be donated to the ASF. The code cannot import LGPL packages, but I don't know about MPL (I'd say it's ok). MPL is listed as ok on http://wiki.apache.org/jakarta/LicenceIssues. Rémy This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Support JSS in Tomcat
Bill Barker wrote: - Original Message - From: Remy Maucherat [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Thursday, July 21, 2005 3:03 AM Subject: Re: Support JSS in Tomcat Christine Ho wrote: Thanks. It works. JSS can be used under either Mozilla Public License (MPL) or LGPL. Is MPL or LGPL compatible with ASF license? The good thing about JSS is that it is FIPS-140 compliant. First, the Tomcat portion of the code needs to be donated to the ASF. The code cannot import LGPL packages, but I don't know about MPL (I'd say it's ok). MPL is listed as ok on http://wiki.apache.org/jakarta/LicenceIssues. But it says in comments: (confirm. 1.0, 1.1 different?) Rémy This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Support JSS in Tomcat
- Original Message - From: Jean-frederic Clere [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Thursday, July 21, 2005 11:33 AM Subject: Re: Support JSS in Tomcat Bill Barker wrote: - Original Message - From: Remy Maucherat [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Thursday, July 21, 2005 3:03 AM Subject: Re: Support JSS in Tomcat Christine Ho wrote: Thanks. It works. JSS can be used under either Mozilla Public License (MPL) or LGPL. Is MPL or LGPL compatible with ASF license? The good thing about JSS is that it is FIPS-140 compliant. First, the Tomcat portion of the code needs to be donated to the ASF. The code cannot import LGPL packages, but I don't know about MPL (I'd say it's ok). MPL is listed as ok on http://wiki.apache.org/jakarta/LicenceIssues. But it says in comments: (confirm. 1.0, 1.1 different?) IANAL, but the relevant parts of 1.0 1.1 look the same. Of course, it's up to the Tomcat PMC to decide the policy on importing MPLed classes :). Rémy This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Support JSS in Tomcat
Bill Barker wrote: - Original Message - From: Jean-frederic Clere [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Thursday, July 21, 2005 11:33 AM Subject: Re: Support JSS in Tomcat Bill Barker wrote: - Original Message - From: Remy Maucherat [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Thursday, July 21, 2005 3:03 AM Subject: Re: Support JSS in Tomcat Christine Ho wrote: Thanks. It works. JSS can be used under either Mozilla Public License (MPL) or LGPL. Is MPL or LGPL compatible with ASF license? The good thing about JSS is that it is FIPS-140 compliant. First, the Tomcat portion of the code needs to be donated to the ASF. The code cannot import LGPL packages, but I don't know about MPL (I'd say it's ok). MPL is listed as ok on http://wiki.apache.org/jakarta/LicenceIssues. But it says in comments: (confirm. 1.0, 1.1 different?) IANAL, but the relevant parts of 1.0 1.1 look the same. Of course, it's up to the Tomcat PMC to decide the policy on importing MPLed classes :). The following worried me a little: http://mail-archives.apache.org/mod_mbox/jakarta-jmeter-dev/200403.mbox/[EMAIL PROTECTED] Rémy This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Support JSS in Tomcat
- Original Message - From: Jean-frederic Clere [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Thursday, July 21, 2005 2:53 PM Subject: Re: Support JSS in Tomcat Bill Barker wrote: - Original Message - From: Jean-frederic Clere [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Thursday, July 21, 2005 11:33 AM Subject: Re: Support JSS in Tomcat Bill Barker wrote: - Original Message - From: Remy Maucherat [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Thursday, July 21, 2005 3:03 AM Subject: Re: Support JSS in Tomcat Christine Ho wrote: Thanks. It works. JSS can be used under either Mozilla Public License (MPL) or LGPL. Is MPL or LGPL compatible with ASF license? The good thing about JSS is that it is FIPS-140 compliant. First, the Tomcat portion of the code needs to be donated to the ASF. The code cannot import LGPL packages, but I don't know about MPL (I'd say it's ok). MPL is listed as ok on http://wiki.apache.org/jakarta/LicenceIssues. But it says in comments: (confirm. 1.0, 1.1 different?) IANAL, but the relevant parts of 1.0 1.1 look the same. Of course, it's up to the Tomcat PMC to decide the policy on importing MPLed classes :). The following worried me a little: http://mail-archives.apache.org/mod_mbox/jakarta-jmeter-dev/200403.mbox/%3C [EMAIL PROTECTED] I don't think that anybody is proposing bundling jss34.jar with Tomcat. It would be an optional dependency much like PureTLS is now. Anybody that wanted to use it would have to download it from mozilla.org and install it. And as Remy pointed out, Christine would have to agree to donate her code to the ASF, at which point it would be licensed under ASFL. My reading of MPL-1.1 (again IANAL) is that: import org.mozilla.some.package.SomeClass; isn't viral, so that there isn't any problem with having o.a.t.u.net.jss.JSSServerSocketFactory with an ASF license. Rémy This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Support JSS in Tomcat
Hi, Tomcat 5.5.x supports JSSE only. I am working on web application which uses JSS (http://www.mozilla.org/projects/security/pki/jss/javadoc/) I need to run the web application on Tomcat 5.x. I implemented the JSSSocketFactory.java, JSSSupport.java etc in the new package called org.apache.tomcat.util.net.jss. I tried to specify the SocketFactory class in server.xml but it doesnt work. I thought we can do something like that: Connector className=org.apache.catalina.connector.http.HttpConnector port=8443 minProcessors=5 maxProcessors=75 enableLookups=true acceptCount=10 debug=0 scheme=https secure=true Factory className=org.apache.tomcat.util.net.jss.JSSServerSocketFactory clientAuth=false protocol=SSL/ /Connector It doesnt work at all. I looked at the source code and found out that SSLImplementationName is always null. Currently, I have to change the implementations array in SSLImplementation.java to include my implementation class which is JSSImplementationClass. Then recompiled the tomcat and it works. I just wonder if I overlook some of the configuration parameters in server.xml. If the server.xml in tomcat 5.5 does not support the Factory parameter, then I would like to modify the codes to support this feature. Therefore i dont need to recompile the tomcat to include my SSLServerSocketFactory implementation. Also I would like to contribute my codes for the JSS ServerSocketFactory implementation if you are interested. Christine Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Support JSS in Tomcat
The Factory element is deprecated in TC 5.x. In particular, you can't use it to specify a SocketFactory. You pass the FQN of your SSLImplementation to the Connector with something like: Connector protocol=HTTP/1.1 port=8443 secure=true scheme=https sslProtocol=SSL sSLImplementation=org.apache.tomcat.util.net.jss.JSSImplementationClass / I'd be happy to review your implementation (assuming that the licensing is compatible with ASF) if you want to submit it. The easiest way is to open a BZ enhancement request and attach your code to that. - Original Message - From: Christine Ho [EMAIL PROTECTED] To: tomcat-dev@jakarta.apache.org Sent: Wednesday, July 20, 2005 4:54 PM Subject: Support JSS in Tomcat Hi, Tomcat 5.5.x supports JSSE only. I am working on web application which uses JSS (http://www.mozilla.org/projects/security/pki/jss/javadoc/) I need to run the web application on Tomcat 5.x. I implemented the JSSSocketFactory.java, JSSSupport.java etc in the new package called org.apache.tomcat.util.net.jss. I tried to specify the SocketFactory class in server.xml but it doesnt work. I thought we can do something like that: Connector className=org.apache.catalina.connector.http.HttpConnector port=8443 minProcessors=5 maxProcessors=75 enableLookups=true acceptCount=10 debug=0 scheme=https secure=true Factory className=org.apache.tomcat.util.net.jss.JSSServerSocketFactory clientAuth=false protocol=SSL/ /Connector It doesnt work at all. I looked at the source code and found out that SSLImplementationName is always null. Currently, I have to change the implementations array in SSLImplementation.java to include my implementation class which is JSSImplementationClass. Then recompiled the tomcat and it works. I just wonder if I overlook some of the configuration parameters in server.xml. If the server.xml in tomcat 5.5 does not support the Factory parameter, then I would like to modify the codes to support this feature. Therefore i dont need to recompile the tomcat to include my SSLServerSocketFactory implementation. Also I would like to contribute my codes for the JSS ServerSocketFactory implementation if you are interested. Christine Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Support JSS in Tomcat
Thanks. It works. JSS can be used under either Mozilla Public License (MPL) or LGPL. Is MPL or LGPL compatible with ASF license? The good thing about JSS is that it is FIPS-140 compliant. Christine --- Bill Barker [EMAIL PROTECTED] wrote: The Factory element is deprecated in TC 5.x. In particular, you can't use it to specify a SocketFactory. You pass the FQN of your SSLImplementation to the Connector with something like: Connector protocol=HTTP/1.1 port=8443 secure=true scheme=https sslProtocol=SSL sSLImplementation=org.apache.tomcat.util.net.jss.JSSImplementationClass / I'd be happy to review your implementation (assuming that the licensing is compatible with ASF) if you want to submit it. The easiest way is to open a BZ enhancement request and attach your code to that. - Original Message - From: Christine Ho [EMAIL PROTECTED] To: tomcat-dev@jakarta.apache.org Sent: Wednesday, July 20, 2005 4:54 PM Subject: Support JSS in Tomcat Hi, Tomcat 5.5.x supports JSSE only. I am working on web application which uses JSS (http://www.mozilla.org/projects/security/pki/jss/javadoc/) I need to run the web application on Tomcat 5.x. I implemented the JSSSocketFactory.java, JSSSupport.java etc in the new package called org.apache.tomcat.util.net.jss. I tried to specify the SocketFactory class in server.xml but it doesnt work. I thought we can do something like that: Connector className=org.apache.catalina.connector.http.HttpConnector port=8443 minProcessors=5 maxProcessors=75 enableLookups=true acceptCount=10 debug=0 scheme=https secure=true Factory className=org.apache.tomcat.util.net.jss.JSSServerSocketFactory clientAuth=false protocol=SSL/ /Connector It doesnt work at all. I looked at the source code and found out that SSLImplementationName is always null. Currently, I have to change the implementations array in SSLImplementation.java to include my implementation class which is JSSImplementationClass. Then recompiled the tomcat and it works. I just wonder if I overlook some of the configuration parameters in server.xml. If the server.xml in tomcat 5.5 does not support the Factory parameter, then I would like to modify the codes to support this feature. Therefore i dont need to recompile the tomcat to include my SSLServerSocketFactory implementation. Also I would like to contribute my codes for the JSS ServerSocketFactory implementation if you are interested. Christine Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]