harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Deakin <oliver.dea...@googlemail.com>
Subject Re: [classlib][x-net] Creating a provider based on OpenSSL
Date Mon, 02 Aug 2010 10:08:36 GMT
  I've made a little progress with this in my local workspace, but I'd 
like to get the work out into the community so everyone can see it. To 
this end I've created a temporary branch [1] under which I will be 
committing changes as I go. I figured this was the easiest thing so I 
can reorganise things, break the build etc. without disturbing our main 

So far I've got the following:
  - I'm passing some of the relevant certs/keys down to native code and 
then into OpenSSL. I'm not 100% sure what I've done with this is right 
so far, but it's work in progress!
  - OpenSSL is performing the SSL handshake and, at least for a simple 
client-server case, is succeeding with the certs passed from Java.
  - I've modified the read/write methods on SSLSocketImpl to make calls 
through natives into OpenSSL and they seem to be working. It's a little 
bit hacked at the moment because I'm working from the starting point of 
the JSSE implementation we already have, but the fact it works at least 
verifies that the connection has been successfully made and OpenSSL has 
been configured correctly.

I'll be committing these changes to the sandbox I've just created soon. 
Please feel free to check out the tree and take a look/submit patches if 
you like :) Things I still need to investigate are:
  - Is the method I've used to pass down certs to OpenSSL sufficient?
  - Reads from the socket are 1 byte at a time at the moment(!) - this 
needs to be altered to use the OpenSSL calls more efficiently.
  - How do I tell OpenSSL to use the Java SecureRandom implementation 
rather than its own random number generator? Via an OpenSSL ENGINE?
  - What's the best way to get/build the OpenSSL dependency?

Any comments/suggestions are welcome!


[1] https://svn.apache.org/repos/asf/harmony/enhanced/java/branches/omd

On 19/07/2010 17:15, Oliver Deakin wrote:
>  Hi all,
> I'm currently investigating the possibility of implementing a JSSE 
> provider wrapping OpenSSL. This has a couple of obvious advantages:
>  - The onus of code maintenance and bug fixing in a security sensitive 
> area is moved outside of Harmony.
>  - New protocols can be integrated into the Harmony provider with 
> minimal effort (updating dependencies rather than implementing them 
> ourselves).
> Really I'm sending this mail as a heads up, but would be interested to 
> know if anyone has any experience/opinions in this area. In 
> particular, I'd be interested in ideas on:
>  - the best way to setup OpenSSL as a dependency - precompile the 
> libraries and make them available for download or compile them at 
> build time on the user's machine.
>  - how to tie in the Java x-net APIs to the OpenSSL APIs.
> Any comments/suggestions welcome.
> Regards,
> Oliver

Oliver Deakin
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU

View raw message