"Bill Barker" <[EMAIL PROTECTED]> writes: > It compiles with or without JSSE, and runs fine without an SSL connector. > However, I haven't actually gotten around to doing the whole keystore thing > here, so the (big) one thing I haven't tried (yet) is to run it with an > JSSE-SSL connection. I just did a CVS update and checked it against PureTLS. It runs fine.
> The other thing that would be nice is to be able to access the SessionId, > (via request.getAttribute("javax.servlet.request.ssl_session")). There is > already optional support to validate HttpSession access against this for SSL > sessions in 3.3.x. Currently it is only supported if you are connecting via > Apache, but stand-alone (at least for PureTLS) would also be a nice feature. That's certainly easy to add. I just didn't know what attribute string to use since I didn't see it in the Servlet 2.3 spec. Which spec is this string defined in? -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/ -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>