"im dolor" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > So then could I extend > org.apache.tomcat.util.net.JSSEImplementation to > create my own implementation and override the > getServerSocketFactory() to create one that uses my > custom trust manager? Does that sound right to you? >
Pretty much. You could probably extend the o.a.t.u.net.jsse classes as well (which makes it really easy to configure Tomcat to use your own TrustManager). > Will that only work with tomcat 5? Is there something > that I can do that will be compatible with both 4 and > 5? Our application is currently running on 4 but we > plan on moving to 5 in the (near?) future. > Both TC 4 and 5 use the same Connector code (and, for that matter, so does TC 3.3 :), so this is a one-size-fits-all project. The only difference is the configuration to use your class. The option is: sSLImplementation="com.myfirm.mypackage.MySSLImplementation". For TC 4, you set it on the Factory and for TC 5 you set it on the Connector. > Thanks for your help. > > > Monika. > > > --- Bill Barker <[EMAIL PROTECTED]> wrote: > > Firstly, the only SSLServerSocketFactory that > > actually does anything is the > > one for the deprecated HttpConnector in TC 4. With > > the CoyoteConnector, it > > is possible to plug in your own SSLImplementation > > (which, among other > > things, would allow you to install your own > > TrustManager), but most people > > find this to be too much work. > > > > Of course, if you want to implement your own > > SecurityProvider, than that is > > another means to install your own TrustManager ;-). > > > > "im dolor" <[EMAIL PROTECTED]> wrote in message > > > news:[EMAIL PROTECTED] > > > Hello, > > > > > > I would like to be able to use CRL checking in > > Tomcat. > > > I thought that I would implement my own trust > > manager > > > which would download the crl and check against it > > > every time the checkXXXTrusted method is called. > > > However, I do not see anywhere in the > > configuration > > > where it would be possible to cause Tomcat to use > > this > > > trust manager. I see that there is a parameter in > > the > > > connector to set the SSLServerSocket factory. I > > > suppose that I could implement my own socket > > factory > > > that used my own TrustManager. However, I see that > > the > > > dcoumentation calims that i must use the catalina > > > version of this class. Why is that? Can I change > > it? > > > > > > Thank you for your help. > > > > > > > > > > > > > > > > > > > > > __________________________________ > > > Do you Yahoo!? > > > New and Improved Yahoo! Mail - 100MB free storage! > > > http://promotions.yahoo.com/new_mail > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > __________________________________ > Do you Yahoo!? > Yahoo! Mail - 50x more storage than other providers! > http://promotions.yahoo.com/new_mail --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
