If it is possible, I want to ask whether you have an estimation of when version 1.0.1 could be production ready. I just want to know an estimation to arrange my plans with it.

asankha wrote:
>
> Hi Legolas
>> Apache Synapse is a good project and I am planning to use synapse for a
>> project and I want to vote for minor release model that was suggested, I
>> mean it would be good to have 1.0.1, 1.0.2, and so on.
>>
> Cool.. I agree and I think we will be heading in that path soon with a
> 1.0.1 with some minor fixes and performance improvements etc.
>> A feature that I want to vote for is mutual authentication using digital
>> certifications (SSL mutual authentication).
>> Let me explain what I mean by SSL mutual authentication:
>> with my reading and researches it means that we have a certDB in server
>> side (Synapse side) and it contain one or more CA's certifications and in
>> client side we have a certification signed by one of those CA's. Now
>> when a
>> client wants to connect to Synapse, Synapse can check to see whether the
>> client has a certification signed by one of those CA's which are present
>> in
>> its certDB or not. If it is signed by one of them then Synapse will
>> answer
>> otherwise it will not.
>>
> We already do have this support in the 1.0 release, but this is disabled
> by default. If you setup your certificate stores (defaults are trust.jks
> and identity.jks) properly and uncomment the "<parameter
> name="SSLVerifyClient">require</parameter>" from the axis2.xml's https
> transport listener configuration, it will do exactly what you have
> explained.
>> Also there should be some mechanism not to allow all clients with such
>> certification to connect to the server (I do not know how we should do
>> this).
>>
> I agree.. let me check with the HttpCore project how this may be
> possible.. thanks for suggesting this
>> Also in client side we should have some mechanism to check and see
>> whether
>> we are connecting to a server which has correct certification or not (I
>> think we can do this by assigning a certification to synapse and adding
>> the
>> issuer CA which issued synapse certification to client JKS file), is it
>> correct?
>>
> Right now we support hostname verification. Again this is commented by
> default on the axis2.xml's https transport sender configuration.
> "<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>" If
> you specify strict, the host name verification would be performed.
>
> asankha

--
View this message in context: http://www.nabble.com/Features-for-1.1-release-tf4012032.html#a11500912
Sent from the Synapse - User mailing list archive at Nabble.com.
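
Added example, not part of the original thread and not Synapse or HttpCore code: a plain JSSE server showing what requiring a client certificate does at the TLS layer, plus one way to admit only some CA-signed clients by pinning certificate fingerprints. The store names come from the thread; the port, the `STORE_PASSWORD` variable, the class name and the fingerprint value are assumptions or placeholders, and `HexFormat` needs Java 17 or later.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.HexFormat;
import java.util.Set;

public class MutualTlsAllowList {
    // Placeholder: SHA-256 fingerprints (lowercase hex) of the client certificates to admit.
    static final Set<String> ALLOWED = Set.of("<sha256-hex-of-permitted-client-cert>");

    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        return ks;
    }

    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        return HexFormat.of().formatHex(digest);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = System.getenv("STORE_PASSWORD").toCharArray(); // assumed variable, must be set
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("identity.jks", pw), pw);          // server's own key and certificate
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("trust.jks", pw));                 // CA certificates accepted for clients
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8443)) {
            server.setNeedClientAuth(true); // handshake fails unless the client cert chains to trust.jks
            while (true) {
                try (SSLSocket client = (SSLSocket) server.accept()) {
                    // getSession() completes the handshake; element 0 is the client's own certificate.
                    Certificate leaf = client.getSession().getPeerCertificates()[0];
                    if (!ALLOWED.contains(fingerprint(leaf))) {
                        continue; // signed by a trusted CA but not on the allow-list: close the socket
                    }
                    client.getOutputStream().write("ok\n".getBytes("US-ASCII"));
                } catch (IOException e) { // includes SSLException from a failed or missing client cert
                    System.err.println("rejected: " + e.getMessage());
                }
            }
        }
    }
}
```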
