commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin van den Bemt <mll...@mvdb.net>
Subject Re: commons-ssl-0.3.4 alpha released
Date Thu, 30 Nov 2006 00:03:09 GMT
I asked to start a proposal on general@jakarta about this, that way we can have a discussion
on
where it should end up.. I'll await that proposal and to decrease confusion I like to ask
Julius to
withhold announcements for the time being.

Mvgr,
Martin

Henri Yandell wrote:
> Hi Julius,
> 
> What's the status with regards to this bit on the website:
> 
> "Commons-SSL was originally developed by Credit Union Central of
> British Columbia. It was donated to the Apache Software Foundation in
> August 2006 and is now slowly starting the Apache
> Incubation Policy."
> 
> In terms of the CLA - it doesn't look like you're an Apache committer
> yet. Was there a particular project you were joining when you sent the
> CLA?
> 
> In terms of the CCLA - have you requested a signed copy? I don't think
> they're sent by default. However I don't see a CCLA on record for
> CUBC.
> 
> I've no problem with this ending up in Commons someday - but so far
> this seems like something for which the subject should be more about
> Jakarta sponsoring in the Incubator, than starting in Commons-Sandbox.
> [I did the latter for CSV, and I think with hindsight it would have
> been better to go through the Incubator].
> 
> Hen
> 
> On 11/29/06, Julius Davies <juliusdavies@gmail.com> wrote:
>> Hi,
>>
>> I'm writing to announce the alpha release of commons-ssl-0.3.4.  I'm
>> writing to "commons-dev@jakarta.apache.org" because I think
>> commons-sandbox would be a great home for this library.  The library
>> itself is derived from some HttpClient code originally written by Oleg
>> Kalnichevski.
>>
>> http://juliusdavies.ca/commons-ssl/
>>
>>
>> Here are a few features of note:
>>
>> 1.  This library gives you the ability to read OpenSSL style private
>> keys using only pure Java.  It even works with Java 1.3.  I tried to
>> encrypt the same RSA private keys in as many ways as possible (106 so
>> far!) with OpenSSL to test this:
>>
>> http://juliusdavies.ca/commons-ssl/samples/rsa_result.html
>>
>> 2.  The library automatically does CRL checking.  (We hope to add
>> support for OCSP soon!).
>>
>> 3.  All options can be toggled on a per-socket-factory basis.  So for
>> one SSLSocketFactory you might have setCheckHostname( false ), and on
>> another you might have setCheckExpiry( false ) if you like.
>>
>> 4.  Can be dropped into any project easily because we extend
>> SSLSocketFactory and SSLServerSocketFactory.  For example, to use as
>> an "ldaps://" client you just define your own extremely basic
>> sub-class:
>>
>> =============================
>> package my.special.package;
>> public class LDAPSocketFactory extends SSLClient {
>>
>>   public static SocketFactory getDefault() { return instance; }
>>
>>   private final static LDAPSocket instance;
>>   static {
>>     try { instance = new LDAPSocket(); }
>>     catch ( Exception e ) { throw new RuntimeException( e ); }
>>   }
>>
>>   private LDAPSocket() throws GeneralSecurityException, IOException {
>>     TrustMaterial tm = new TrustMaterial(
>> "/path/to/corporate/ldap.pem" );
>>     setTrustMaterial( tm ); // We ONLY trust our "ldap.pem".  cacerts
>> ignored!
>>
>>     KeyMaterial km = new KeyMaterial( "/path/to/pkcs12.der",
>> "secret".toCharArray() );
>>     setKeyMaterial( km ); // Maybe our "ldaps://" requires client certs?
>>   }
>> }
>> =============================
>>
>> And then tell Java to use it like so:
>>
>> env.put( "java.naming.ldap.factory.socket",
>> "my.special.package.LDAPSocketFactory" );
>>
>> Java looks for the static getDefault() method when you provide a
>> SocketFactory like that to the LDAP stuff.
>>
>>
>> I already have a personal CLA on file with Apache.  I'm not sure
>> what's up with the Corporate CLA / Software Grant my employer (Credit
>> Union Central of British Columbia) sent in August.  Last time I
>> checked, CUCBC has yet to recieve a signed copy for their own records.
>>
>> -- 
>> yours,
>>
>> Julius Davies
>> 416-652-0183
>> http://juliusdavies.ca/
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>>
>>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
> 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message