activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gerdes, Mike" <Mike.Ger...@airbus.com>
Subject AW: SSL with client authentification?
Date Fri, 21 Apr 2006 06:41:24 GMT

I am with James on this. But the whole idea with teh socket.options stuff sounds nice. So
just go ahead.

-----Urspr√ľngliche Nachricht-----
Von: James Strachan [mailto:james.strachan@gmail.com]
Gesendet: Donnerstag, 20. April 2006 17:11
An: activemq-users@geronimo.apache.org
Betreff: Re: SSL with client authentification?



On 4/20/06, Hiram Chirino <hiram@hiramchirino.com> wrote:
> Hi Mike,
>
> Thanks for the info!  So all the real magic is in:
> ((SSLSocket)socket).setNeedClientAuth(needClientAuth) and
> ((SSLSocket)socket).setWantClientAuth(wantClientAuth);
>
> I'm going to apply a patch so you can do this and also set any other
> properties on the socket.  First off, when binding a tcp transport,
> you will be able to use "transport." prefix on properties to configure
> the options on the transports the connector creates.  Secondly, you
> will be able to configure options on transport's the socket using the
> "socket." prefix on the transport options.
>
> So if you need clientAuth on the sockets created by ssl transport
> connector, you would use:
> ssl://localhost:616167?transport.socket.needClientAuth=true

Isn't 'transport.' superflous? i.e. ssl is a transport, so can't we just use

ssl://localhost:616167?socket.needClientAuth=true


> If this is OK with you, I'll go a head and commit the change.

I was just about to apply this patch - so I'll leave it to you :). It
certainly sounds like your patch is a bit more extensible to other
kinds of socket/socketfactory

--

James
-------
http://radio.weblogs.com/0112098/



This mail has originated outside your organization,
either from an external partner or the Global Internet.
Keep this in mind if you answer this message.

This mail has originated outside your organization, either from an external partner or the
Global Internet. Keep this in mind if you answer this message.

Mime
View raw message