geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick McGuire (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (GERONIMO-3703) should allow custom SSL context for AsyncHttpClient
Date Thu, 13 Dec 2007 11:20:44 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-3703?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rick McGuire resolved GERONIMO-3703.
------------------------------------

    Resolution: Fixed

Committed revision 603885.

I've committed this patch, but there's something going on here with the connection reuse that's
nagging at me a little, but I can't convince myself there's a real problem.  

SSL context is provided by the request, and if there is no SSLFilter on the connection, one
is added.  At first glance, it seems like there is an exposure to either A) reusing a connection
that is filtering with an incorrect SSLContext from a previous request or B) reusing a connection
with an SSLFilter in place for a non-http connection.  I don't think either of these could
ever happen, given the realities of how SSL connections are used.  I think the only thing
that raised the issue was the test for whether the connection already had an SSLFilter in
place or not.  At that point, it seemed things could go astray, but I guess if the connection
is getting reused, then the characteristics are fixed anyway. 

> should allow custom SSL context for AsyncHttpClient
> ---------------------------------------------------
>
>                 Key: GERONIMO-3703
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3703
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: AsyncHttpClient
>    Affects Versions: 1.x
>            Reporter: Sangjin Lee
>            Priority: Critical
>         Attachments: 3703.patch
>
>
> Currently the SSLContext that's used to do https cannot be configured or customized.
 One needs to be able to create and pass in custom SSLContext to be able to use its own cert
directory, keystore file, etc.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message