Return-Path: Delivered-To: apmail-geronimo-activemq-users-archive@www.apache.org Received: (qmail 80522 invoked from network); 21 Apr 2006 06:43:04 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 21 Apr 2006 06:43:04 -0000 Received: (qmail 54810 invoked by uid 500); 21 Apr 2006 06:43:00 -0000 Delivered-To: apmail-geronimo-activemq-users-archive@geronimo.apache.org Received: (qmail 54793 invoked by uid 500); 21 Apr 2006 06:43:00 -0000 Mailing-List: contact activemq-users-help@geronimo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: activemq-users@geronimo.apache.org Delivered-To: mailing list activemq-users@geronimo.apache.org Received: (qmail 54781 invoked by uid 99); 21 Apr 2006 06:43:00 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Apr 2006 23:43:00 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [193.96.150.26] (HELO itchy.airbus.de) (193.96.150.26) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Apr 2006 23:42:58 -0700 Received: from de0-mailsp02.res.airbus.corp (unknown [44.159.50.177]) by itchy.airbus.de (Postfix) with ESMTP id 68D8B24032F for ; Fri, 21 Apr 2006 08:34:35 +0200 (CEST) Received: from de0-mailsp02.res.airbus.corp (localhost.localdomain [127.0.0.1]) by de0-mailsp02.res.airbus.corp (8.12.11/8.12.10) with ESMTP id k3L6gNuF000987 for ; Fri, 21 Apr 2006 08:42:23 +0200 Received: from de0-mailrt10.res.airbus.corp ([44.159.50.164]) by de0-mailsp02.res.airbus.corp (8.12.11/8.12.10) with ESMTP id k3L6g39a000728 for ; Fri, 21 Apr 2006 08:42:21 +0200 Received: from de0-mailrt01.res.airbus.corp ([44.159.50.162]) by de0-mailrt10.res.airbus.corp with Microsoft SMTPSVC(5.0.2195.6713); Fri, 21 Apr 2006 08:41:25 +0200 Received: from de0-mailmb02.res.airbus.corp ([44.159.50.152]) by de0-mailrt01.res.airbus.corp with Microsoft SMTPSVC(5.0.2195.6713); Fri, 21 Apr 2006 08:41:25 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: AW: SSL with client authentification? Date: Fri, 21 Apr 2006 08:41:24 +0200 Message-ID: <001FD7EB9646934B9237F09DE8E1F07C020CFDC8@DE0-MAILMB02.res.airbus.corp> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: SSL with client authentification? Thread-Index: AcZkjKeHufOD4OSaTtu1u9mfbDaZsAAgc1qQ From: "Gerdes, Mike" To: X-OriginalArrivalTime: 21 Apr 2006 06:41:25.0333 (UTC) FILETIME=[9C53E850:01C6650E] X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N I am with James on this. But the whole idea with teh socket.options stuff= sounds nice. So just go ahead. -----Urspr=FCngliche Nachricht----- Von: James Strachan [mailto:james.strachan@gmail.com] Gesendet: Donnerstag, 20. April 2006 17:11 An: activemq-users@geronimo.apache.org Betreff: Re: SSL with client authentification? On 4/20/06, Hiram Chirino wrote: > Hi Mike, > > Thanks for the info! So all the real magic is in: > ((SSLSocket)socket).setNeedClientAuth(needClientAuth) and > ((SSLSocket)socket).setWantClientAuth(wantClientAuth); > > I'm going to apply a patch so you can do this and also set any other > properties on the socket. First off, when binding a tcp transport, > you will be able to use "transport." prefix on properties to configure > the options on the transports the connector creates. Secondly, you > will be able to configure options on transport's the socket using the > "socket." prefix on the transport options. > > So if you need clientAuth on the sockets created by ssl transport > connector, you would use: > ssl://localhost:616167?transport.socket.needClientAuth=3Dtrue Isn't 'transport.' superflous? i.e. ssl is a transport, so can't we just= use ssl://localhost:616167?socket.needClientAuth=3Dtrue > If this is OK with you, I'll go a head and commit the change. I was just about to apply this patch - so I'll leave it to you :). It certainly sounds like your patch is a bit more extensible to other kinds of socket/socketfactory -- James ------- http://radio.weblogs.com/0112098/ This mail has originated outside your organization, either from an external partner or the Global Internet. Keep this in mind if you answer this message. This mail has originated outside your organization, either from an external= partner or the Global Internet. Keep this in mind if you answer this= message.