directory-dev mailing list archives

From "Vinod Panicker (JIRA)" <>
Subject [jira] Commented: (DIRMINA-40) Filter API needs callback for enabled notification
Date Wed, 25 May 2005 14:33:54 GMT
Vinod Panicker commented on DIRMINA-40:

This fix doesn't work in required circumstances.

Basically this depends on one of the endpoints writing some data on to the session to start
the ssl/tls handshake process.

According to the SSL/TLS RFC, the client initiates the handshake process. If the handshake
fails for some reason, the connection is typically terminated.

In the case of the MINA SSLFilter, the handshake can begin only when one of the entities writes
data to the session.  And if the server writes data first, that data is never sent across
since the handshake is pending.  In other words, it becomes imperative that the client send
some data first. If the application protocol mandates that the server first write some data,
the MINA SSLFilter won't work.

The only good fix would be to move the handshake process into an init() method that would
get called automatically when the filter is applied.  destroy() should also be provided to
remove any sensitive information that is stored.  Also, the filter should have a callback
mechanism by way of which it can notify the handler that the initialization process is complete
and actual data transmission can take place.  This would be required for proper error handling
in the application protocol.

> Filter API needs callback for enabled notification
> --------------------------------------------------
>          Key: DIRMINA-40
>          URL:
>      Project: Directory MINA
>         Type: Improvement
>     Versions: 0.7, 0.7.1
>  Environment: All
>     Reporter: Vinod Panicker
>     Assignee: Trustin Lee
>     Priority: Blocker
>      Fix For: 0.9

> The Filter api currently assumes that it would be applied only on unopened sessions.
> Eg - the SSL filter currently starts its work on the sessionOpened() callback.  This is an
> incorrect assumption since the SSL filter could be applied on an existing plain TCP connection
> as well.
> It would be great if there were new callbacks defined  - something like filterEnabled()
> and filterDisabled()
> This would allow us to use the filters on existing sessions as well.
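
The ordering problem described in the comment above, as an added Java model that is not part of the original message and is not MINA code. All class and method names are hypothetical, and the TLS handshake is reduced to a client hello followed by completion. It contrasts a filter that starts the handshake on the first write with one that starts it when attached and reports completion through a callback.

```java
import java.util.*;

// Model only: hypothetical names, not MINA's API. The TLS handshake is
// reduced to "client sends hello, then both sides are secured".
public class HandshakeOnAttachDemo {
    interface Listener { void secured(String side); }

    static class TlsFilter {
        final String side; final boolean client, eager; final Listener listener;
        TlsFilter peer; boolean helloSent, secured;
        final Deque<String> pending = new ArrayDeque<>();  // app data held back
        final List<String> received = new ArrayList<>();   // app data from peer

        TlsFilter(String side, boolean client, boolean eager, Listener listener) {
            this.side = side; this.client = client; this.eager = eager; this.listener = listener;
        }
        // Called when the filter is attached; the eager variant handshakes here.
        void init() { if (eager) startHandshake(); }
        // The lazy variant only tries to handshake on the first application write.
        void write(String data) {
            pending.add(data);
            if (secured) flush(); else startHandshake();
        }
        private void startHandshake() {
            if (!client || helloSent) return;   // only the client may open the handshake
            helloSent = true;
            peer.onHello();
        }
        private void onHello() { completed(); peer.completed(); }
        private void completed() { secured = true; listener.secured(side); flush(); }
        private void flush() { while (!pending.isEmpty()) peer.received.add(pending.poll()); }
        // Drop queued plaintext and session state when the filter is removed.
        void destroy() { pending.clear(); secured = false; helloSent = false; }
    }

    static List<String> serverSpeaksFirst(boolean eager) {
        List<String> events = new ArrayList<>();
        Listener l = side -> events.add(side + " secured");
        TlsFilter c = new TlsFilter("client", true, eager, l);
        TlsFilter s = new TlsFilter("server", false, eager, l);
        c.peer = s; s.peer = c;
        s.init(); c.init();
        s.write("greeting");   // constructed: protocol where the server writes first
        events.add("client received " + c.received + ", server still queues " + s.pending);
        s.destroy(); c.destroy();
        return events;
    }
    public static void main(String[] args) {
        System.out.println("handshake on first write: " + serverSpeaksFirst(false));
        System.out.println("handshake on attach:      " + serverSpeaksFirst(true));
    }
}
```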
