hc-dev mailing list archives

From: Oleg Kalnichevski <ol...@apache.org>
Subject: RE: attempt at implementing "commons-ssl"
Date: Fri, 05 May 2006 10:22:29 GMT

On Fri, 2006-05-05 at 02:11 -0700, Julius Davies wrote:
> Hi, Httpclient,
> 
> Thanks for the kind words, Odi, Oleg, Sebb - and thanks for looking at the code!
> 
> I read the link Oleg provided [1], and Sebb has a point - I think I need myself and my employer to fill out these two forms and fax them in:
> 
> http://www.apache.org/licenses/cla-corporate.txt
> 
> http://www.apache.org/licenses/icla.txt
> 
> I'll try and get that done soon - hopefully it won't take more than two weeks.
> 
> 
> Personally right now I prefer the idea of a separate "Commons" project.  Would anyone like to put this code inside the "Commons-Sandbox"?  I'm leaning this way for three reasons -
> 

Julius,

Any potential Commons project aspiring to be put in the sandbox still
needs to go through the proposal and approval phases. Presently there
are too many dormant projects in sandbox that were pretty much dead on
arrival from day one, mainly because they were all one-man projects.
One can expect the Jakarta PMC to be more stringent in assessing the
merits of Sandbox proposals in the future, given the realization that in
its present form Commons Sandbox is more like a burial ground than a
proving ground. 

First of all, running a whole Jakarta project will require a lot of
dedication on your part. At the very least you need to be prepared to
stick around until the project manages to attract at the very least 4
regular contributors (committers). Otherwise, it will inevitably join a
merry row of corpses in the Sandbox.

This is not to discourage you, just to give you a strong incentive to
put enough effort into the planning phase of your project.

In many ways donating code to an existing project is significantly
easier because it will immediately enjoy a greater visibility and
support from actual project committers and be exposed to an existing
community of users. It is significantly easier to spin off a piece of
code into a project of its own if it has been a part of another Jakarta
project for some time.

Commons Net may indeed be another potential home for your code.

Anyways, please do start off by signing the CLA and getting your
employer to sign the corporate CLA. This is pretty much a prerequisite
for adopting your code _anywhere_ within Jakarta.

Cheers

Oleg


> 1.  I see some activity in commons-net recently about implementing SFTP - and I think this code could help there.  (Mind you - they've done a pretty good job already by the look of things!)
> 
> 2.  I am somewhat vain and dream of one day having a jar file I helped create sit in tomcat/server/lib.
> 
> 3.  I *really* like typing "java -jar commons-ssl.jar" to use that ssl-ping utility.  But this would require a permanent stealing of Base64 :-(
> 
> [I already use that ssl-ping utility at least one or two times a week!]
> 
> 
> But I would also hate to create ANOTHER jar file dependency for httpclient - so I'm torn.  We could always put this code inside HTTPComponents for now, and split it out later into a separate sub-project if that made sense at some future time.  Could we maybe have a vote?
> 
> Once the faxes of the "Contributor Licenses" are in, I will send in a JIRA bug report.
> 
> 
> yours,
> 
> Julius
> 
> 
> 
> 
> 
> -----Original Message-----
> From:	Oleg Kalnichevski [mailto:olegk@apache.org]
> Sent:	Thu 5/4/2006 1:18 AM
> To:	HttpClient Project
> Cc:	
> Subject:	Re: attempt at implementing "commons-ssl"
> 
> On Wed, 2006-05-03 at 17:25 -0700, Julius Davies wrote:
> > Hi, Httpclient,
> > 
> > My employer (Credit Union Central of British Columbia) has given me
> > permission to donate some code to Apache.  This code comes from my
> > earlier attempt on this list to get HTTPClient to accept self-signed
> > certificates.
> > 
> > Here's the code:
> > http://juliusdavies.ca/commons-ssl/
> > 
> > 
> 
> Hi Julius,
> 
> Starting a whole new project within Jakarta Commons is a difficult
> proposition. You will have to submit a formal sub-project proposal for
> consideration and that involves a lot of work and certain preconditions.
> Please refer to the Jakarta Subproject Proposals [1] for details.
> 
> If you do not mind donating just certain pieces rather than the whole
> thing, I am sure we can find home for most of those classes within
> HttpComponents (proper or contrib)
> 
> Cheers,
> 
> Oleg
> 
> [1] http://jakarta.apache.org/site/newproject.html
> 
> 
> 
> > The way it works looks like this:
> > 
> > SSLClient client = new SSLClient();
> > client.addTrustMaterial( TrustMaterial.CACERTS );
> > client.addTrustMaterial( new TrustMaterial( "/path/to/cert.pem" ) );
> > SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );
> > 
> > I put in a createSocket() that takes a timeout integer value to make
> > your life easier.
> > 
> > I've put in a "ping" utility I'm finding very handy.  It writes "HEAD /
> > HTTP/1.1" on a socket and then spits out any errors, including
> > certificate chains (in Base64 PEM format).  It's the default class in
> > the manifest, so all you need to use it is run:
> > 
> > java -jar commons-ssl.jar
> > 
> > Here's what it spits out if you don't specify any options:
> > 
> > ==============================================================
> > Usage:  java -jar commons-ssl.jar [options]
> > Options:   (*=required)
> > *  -t  --target           [hostname[:port]]             default port=443
> >    -b  --bind             [hostname[:port]]             default port=0 "ANY"
> >    -c  --client-cert      [path to client certificate]  *.jks or *.pfx
> >    -p  --password         [client cert password]
> > 
> > Example:
> > 
> > java -jar commons-ssl.jar -t cucbc.com:443 -c ./client.pfx -p `cat ./pass.txt`
> > ==============================================================
> > 
> > Here's what it spits out after a successful run:
> > 
> > $ java -jar commons-ssl.jar  -t www.cucbc.com
> > 
> > Writing:
> > ================================================================================
> > HEAD / HTTP/1.1
> > Host: www.cucbc.com
> > 
> > Reading:
> > ================================================================================
> > HTTP/1.1 200 OK
> > Date: Thu, 04 May 2006 00:22:27 GMT
> > Server: Apache/2.0.46 (Red Hat)
> > Accept-Ranges: bytes
> > Connection: close
> > Content-Type: text/html; charset=UTF-8
> > 
> > Server Certificate for: [www.cucbc.com/64.114.5.46:443]
> > ================================================================================
> > s.0: CN=www.cucbc.com, O=Credit Union Central of British Columbia, L=Vancouver, ST=British Columbia, C=CA
> > i.0: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
> > 
> > It even prints out the certificates if the SSL handshake fails, so that
> > can be very handy when you've got miscreant client certificates or typos
> > in your truststores!
> > 
> > If you would like to read the code, or try playing with it, please check
> > out this URL:
> > 
> > http://juliusdavies.ca/commons-ssl/
> > 
> > Unfortunately I haven't included a build script yet, but just going into
> > the "org/apache/commons/ssl" directory and typing "javac *.java" does
> > the trick.  There are no dependencies at this time (for now I've stolen
> > Base64.java from commons-codec!).
> > 
> > 
> > What should I do to try and get a new "commons-ssl" project started?  If
> > this code is accepted, I would like to bring HTTPClient's "contrib-ssl"
> > into the HTTPClient 4.0 branch, and depend on "commons-ssl".
> > 
> > Sorry if I'm a little breathless.  I'm pretty excited.
> > 
> > 
> > 
> > yours,
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
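
Added example, not code from commons-ssl or from anyone in this thread: the two ideas in Julius's quoted message (trusting the JRE's cacerts plus one extra PEM certificate instead of disabling validation, and still being able to print the peer chain when the handshake fails) sketched with standard JSSE classes only. The class name `ChainOnFailure`, the argument order and port 443 are assumptions.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

public class ChainOnFailure {
    static X509TrustManager trustManagerFor(KeyStore ks) throws Exception { // null = JRE default cacerts
        TrustManagerFactory f = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        f.init(ks);
        for (TrustManager tm : f.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager available");
    }
    static KeyStore pemStore(String pemPath) throws Exception { // every certificate in one PEM file
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty in-memory store
        try (InputStream in = new FileInputStream(pemPath)) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                ks.setCertificateEntry("extra-" + ks.size(), c);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception { // args: <host> <extra.pem>; port 443 assumed
        X509TrustManager defaults = trustManagerFor(null), extra = trustManagerFor(pemStore(args[1]));
        X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recording = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                seen[0] = chain; // keep the presented chain before validation can reject it
                try { defaults.checkServerTrusted(chain, authType); }
                catch (CertificateException e) { extra.checkServerTrusted(chain, authType); }
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                throw new CertificateException("client certificates are out of scope here");
            }
            public X509Certificate[] getAcceptedIssuers() { return defaults.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], 443)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // request host name verification as well
            s.setSSLParameters(p);
            s.startHandshake();
            System.out.println("handshake OK");
        } catch (SSLException e) { System.out.println("handshake failed: " + e.getMessage()); }
        if (seen[0] != null) for (X509Certificate c : seen[0])
            System.out.println("s: " + c.getSubjectX500Principal() + "\ni: " + c.getIssuerX500Principal());
    }
}
```

The recording wrapper never accepts a chain on its own: a certificate is trusted only if the default store or the extra PEM store validates it, so the diagnostic output costs nothing in validation strength.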

