"Bill Barker" <[EMAIL PROTECTED]> writes:
> It compiles with or without JSSE, and runs fine without an SSL connector.
> However, I haven't actually gotten around to doing the whole keystore thing
> here, so the (big) one thing I haven't tried (yet) is to run it with an
> JSSE-SSL connection.
I just did a CVS update and checked it against PureTLS. It runs fine.
> The other thing that would be nice is to be able to access the SessionId,
> (via request.getAttribute("javax.servlet.request.ssl_session")). There is
> already optional support to validate HttpSession access against this for SSL
> sessions in 3.3.x. Currently it is only supported if you are connecting via
> Apache, but stand-alone (at least for PureTLS) would also be a nice feature.
That's certainly easy to add. I just didn't know what attribute string
to use since I didn't see it in the Servlet 2.3 spec. Which spec
is this string defined in?
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
