Return-Path: 
 <dev-return-39737-apmail-harmony-dev-archive=harmony.apache.org@harmony.apache.org>
Delivered-To: apmail-harmony-dev-archive@www.apache.org
Received: (qmail 2633 invoked from network); 8 Sep 2010 14:10:00 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 8 Sep 2010 14:10:00 -0000
Received: (qmail 27506 invoked by uid 500); 8 Sep 2010 14:09:59 -0000
Delivered-To: apmail-harmony-dev-archive@harmony.apache.org
Received: (qmail 27242 invoked by uid 500); 8 Sep 2010 14:09:57 -0000
Mailing-List: contact dev-help@harmony.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@harmony.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@harmony.apache.org>
List-Post: <mailto:dev@harmony.apache.org>
List-Id: <dev.harmony.apache.org>
Reply-To: dev@harmony.apache.org
Delivered-To: mailing list dev@harmony.apache.org
Received: (qmail 27223 invoked by uid 99); 8 Sep 2010 14:09:56 -0000
Received: from Unknown (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Sep 2010 14:09:56 +0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=FREEMAIL_FROM,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of oliver.deakin@googlemail.com
 designates 209.85.215.177 as permitted sender)
Received: from [209.85.215.177] (HELO mail-ey0-f177.google.com)
 (209.85.215.177)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Sep 2010 14:09:33 +0000
Received: by eye22 with SMTP id 22so68810eye.36
        for <dev@harmony.apache.org>; Wed, 08 Sep 2010 07:09:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :content-type:content-transfer-encoding;
        bh=1qn0njdC/Wx9yjzZkadr/KWNDRX2WApkMwRU9adZhag=;
        b=FQ+SYEx4HhJmVVqu0iA5p17VqOC1+4II/SwDKDXPR8z82Tv4jOlCMpS5QeLsddCqon
         suQKloHLH/zozazrOldqQRNiTZs2TqctPtzybVesWDnqV+uRW2VLpjxWlDEKB13TUxqf
         tPPl+LBTjW+D4pb86vO31fjJC1jQqgyvPeG1A=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=googlemail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:content-type:content-transfer-encoding;
        b=PfoZNQOORrFUHTWMKGsBnUMDSXFIN7Fom8UQAXnSYCkwQdIUOcUhDZaSEbLWq572id
         FoIzP+bKejhp+QB56NTGpTvl3CCo05OID6AW+qEOJ6nZTZHGBnmwzoMt/PwQaFT7ylmC
         dwNDdiWFNzMO4TnhvD3LpdweSgNn3OsbCMjZA=
Received: by 10.213.8.138 with SMTP id h10mr133860ebh.49.1283954953076;
        Wed, 08 Sep 2010 07:09:13 -0700 (PDT)
Received: from [192.168.1.66] ([92.1.65.120])
        by mx.google.com with ESMTPS id z55sm97786eeh.21.2010.09.08.07.09.10
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Wed, 08 Sep 2010 07:09:10 -0700 (PDT)
Message-ID: <4C879905.5030206@googlemail.com>
Date: Wed, 08 Sep 2010 15:09:09 +0100
From: Oliver Deakin <oliver.deakin@googlemail.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
 rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2
MIME-Version: 1.0
To: dev@harmony.apache.org
Subject: Re: [classlib][x-net] Creating a provider based on OpenSSL
References: <4C447A1D.80702@googlemail.com>
In-Reply-To: <4C447A1D.80702@googlemail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

  An update on where I am so far with this. The implementations of the 
SSLSocket, SSLSession, SSLContext and their related classes are 
complete. The tests for these classes all pass for me now with my latest 
set of changes. I've started removing a lot of the classes that have 
been replaced by calling to OpenSSL. There are a few left, but these 
still have references from the SSLEngine implementation so I won't 
remove them until SSLEngineImpl is working. I think the SSLEngine 
implementation is the last piece of work required to have a full set of 
APIs, and I'm going to tackle that next.

I think these classes would benefit from more tests, but I'll turn my 
attention to that one the implementation is complete.

Regards,
Oliver

On 19/07/2010 17:15, Oliver Deakin wrote:
>  Hi all,
>
> I'm currently investigating the possibility of implementing a JSSE 
> provider wrapping OpenSSL. This has a couple of obvious advantages:
>  - The onus of code maintenance and bug fixing in a security sensitive 
> area is moved outside of Harmony.
>  - New protocols can be integrated into the Harmony provider with 
> minimal effort (updating dependencies rather than implementing them 
> ourselves).
>
> Really I'm sending this mail as a heads up, but would be interested to 
> know if anyone has any experience/opinions in this area. In 
> particular, I'd be interested in ideas on:
>  - the best way to setup OpenSSL as a dependency - precompile the 
> libraries and make them available for download or compile them at 
> build time on the user's machine.
>  - how to tie in the Java x-net APIs to the OpenSSL APIs.
>
> Any comments/suggestions welcome.
>
> Regards,
> Oliver
>

-- 
Oliver Deakin
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU