commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julius Davies" <>
Subject commons-ssl-0.3.4 alpha released
Date Wed, 29 Nov 2006 15:50:57 GMT

I'm writing to announce the alpha release of commons-ssl-0.3.4.  I'm
writing to "" because I think
commons-sandbox would be a great home for this library.  The library
itself is derived from some HttpClient code originally written by Oleg

Here are a few features of note:

1.  This library gives you the ability to read OpenSSL style private
keys using only pure Java.  It even works with Java 1.3.  I tried to
encrypt the same RSA private keys in as many ways as possible (106 so
far!) with OpenSSL to test this:

2.  The library automatically does CRL checking.  (We hope to add
support for OCSP soon!).

3.  All options can be toggled on a per-socket-factory basis.  So for
one SSLSocketFactory you might have setCheckHostname( false ), and on
another you might have setCheckExpiry( false ) if you like.

4.  Can be dropped into any project easily because we extend
SSLSocketFactory and SSLServerSocketFactory.  For example, to use as
an "ldaps://" client you just define your own extremely basic

package my.special.package;
public class LDAPSocketFactory extends SSLClient {

  public static SocketFactory getDefault() { return instance; }

  private final static LDAPSocket instance;
  static {
    try { instance = new LDAPSocket(); }
    catch ( Exception e ) { throw new RuntimeException( e ); }

  private LDAPSocket() throws GeneralSecurityException, IOException {
    TrustMaterial tm = new TrustMaterial( "/path/to/corporate/ldap.pem" );
    setTrustMaterial( tm ); // We ONLY trust our "ldap.pem".  cacerts ignored!

    KeyMaterial km = new KeyMaterial( "/path/to/pkcs12.der",
"secret".toCharArray() );
    setKeyMaterial( km ); // Maybe our "ldaps://" requires client certs?

And then tell Java to use it like so:

env.put( "java.naming.ldap.factory.socket",
"my.special.package.LDAPSocketFactory" );

Java looks for the static getDefault() method when you provide a
SocketFactory like that to the LDAP stuff.

I already have a personal CLA on file with Apache.  I'm not sure
what's up with the Corporate CLA / Software Grant my employer (Credit
Union Central of British Columbia) sent in August.  Last time I
checked, CUCBC has yet to recieve a signed copy for their own records.


Julius Davies

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message