directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zheng, Kai" <>
Subject RE: About the status of not-so-commons-ssl
Date Sun, 13 Dec 2015 08:23:55 GMT
Thanks Emmanuel for the asking. Let me extract some texts from here

The following two features are to be leveraged by implementing PKINIT:

    Support more file formats, and support these formats more robustly.

        commons-ssl supports over 50 formats of PKCS8 and OpenSSL Encrypted Private Keys in
        X.509 Certificates can be PEM or DER encoded. Can also come in PKCS7 chains. (To be
fair, Java always supported this.)
        PKCS12 files can be in PEM (as created by openssl pkcs12).
        Parsing of Base64-PEM is more tolerant of extra whitespace or comments, especially
outside the Base64 sections.

    Automatically detect type of KeyMaterial or TrustMaterial. Consumer does not need to know
whether keystore is PKCS12 or JKS. They just need to know the password to decrypt the private

Please note: 
1. The not-so-commons-ssl library is AL 2.0 licensed;
2. Kerby avoids the BC dependency in production codes, though users can inject the BC crypto
provider themselves;
3. Our version of the SSL library has removed the SSL support part and got away with external
dependencies like BC, thus of much less codes now.


-----Original Message-----
From: Emmanuel Lécharny [] 
Sent: Sunday, December 13, 2015 12:54 PM
To: Apache Directory Developers List <>
Subject: Re: About the status of not-so-commons-ssl

Le 13/12/15 00:19, Zheng, Kai a écrit :
> Hi,
> Is there anyone that knows the incubating status of the not so commons ssl project? I
searched quite a while but don't find it.

6 years old proposal. Dead in the water, IMHO.
> I'm considering how to deal with the forked source codes maintained in pkinit-support
branch. This is a thing when merge the branch to trunk.
> The options are, either evolving based on our forked base towards the way desired by
Kerby or, contribute to the project and push what Kerby desired things into it.

What exactly are you using commons-ssl for ? Is there anything you can't do with Bouncy-Castle,
which is maintained and AL.2.0 compatible ?

View raw message