Return-Path: Delivered-To: apmail-incubator-cxf-user-archive@locus.apache.org Received: (qmail 61753 invoked from network); 14 Dec 2007 13:35:41 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 14 Dec 2007 13:35:41 -0000 Received: (qmail 94210 invoked by uid 500); 14 Dec 2007 13:35:28 -0000 Delivered-To: apmail-incubator-cxf-user-archive@incubator.apache.org Received: (qmail 94164 invoked by uid 500); 14 Dec 2007 13:35:28 -0000 Mailing-List: contact cxf-user-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cxf-user@incubator.apache.org Delivered-To: mailing list cxf-user@incubator.apache.org Received: (qmail 94155 invoked by uid 99); 14 Dec 2007 13:35:28 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Dec 2007 05:35:28 -0800 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=FM_FAKE_HELO_VERIZON,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [206.46.252.48] (HELO vms048pub.verizon.net) (206.46.252.48) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Dec 2007 13:35:27 +0000 Received: from [192.168.1.3] ([72.93.84.188]) by vms048.mailsrvcs.net (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) with ESMTPA id <0JT100CWLKEE41C4@vms048.mailsrvcs.net> for cxf-user@incubator.apache.org; Fri, 14 Dec 2007 07:35:02 -0600 (CST) Date: Fri, 14 Dec 2007 08:34:11 -0500 From: Fred Dushin Subject: Re: My own TrustManager In-reply-to: <200712131612.33827.jiri.mikulasek@aura.cz> To: cxf-user@incubator.apache.org Message-id: <6D2A036C-C99B-440C-90CA-639195461136@dushin.net> MIME-version: 1.0 (Apple Message framework v752.3) X-Mailer: Apple Mail (2.752.3) Content-type: text/plain; charset=UTF-8; delsp=yes; format=flowed Content-transfer-encoding: quoted-printable References: <200712131612.33827.jiri.mikulasek@aura.cz> X-Virus-Checked: Checked by ClamAV on apache.org I'm pretty sure we won't be able to do this declaratively, at least =20 in the current code. You should have some avenues for doing this programmatically, =20 however. On the client side, see the HTTPConduitTest [1] in the CXF =20 systests. I'm a bit less certain about the server side, though it should be =20 possible (this was an initial design requirement). If you can get =20 your hands on the Destination, you can downcast it to a =20 JettyHTTPDestination, and from there you should be able to get the =20 JettyHTTPServerEngine, on which you can set a collection of TLS =20 parameters. There are some caveats, of course. For one, you probably need to do =20 this before publishing the endpoint -- you can't change TLS =20 parameters on an already-open socket. Also, these are all internal =20 types, which require a lot of casts down to implementation-specific =20 types. So you have no guarantee that these types will be supported =20 across changes to CXF. And this stuff is only relevant to using the =20 Jetty HTTP stack on the server side. YMMV with the servlet stack, or =20= anything else that comes down the pipe. Hope that helps. Let us know if this works. If it does, feel free =20 to contribute a test! Thanks, -Fred [1] https://svn.apache.org/repos/asf/incubator/cxf/trunk/systests/src/=20= test/java/org/apache/cxf/systest/http/HTTPConduitTest.java On Dec 13, 2007, at 10:12 AM, Bc. Ji=C5=99=C3=AD Mikul=C3=A1=C5=A1ek = wrote: > Hi all, > I need to add some spicific features to my SSL communictaion - so =20 > basically I > would like to implement my own TrustManager. > > But when using CXF the code suplying TrustManagers is not under my =20 > control. Is > there any way how to do it ofr CXF? > > thanks for any hints > --=20 > Jiri Mikulasek > --------------------------------- > Developer > > AURA, s.r.o. > Uvoz 499/56; 602 00 Brno > ISO 9001 certified company > AQAP 2110 (=C4=8COS 051622) > tel./fax: +420 544 508 115 > e-mail: mikulasek@aura.cz > http://www.aura.cz > --------------------------------- >