hc-dev mailing list archives

From: sebb <seb...@gmail.com>
Subject: Re: attempt at implementing "commons-ssl"
Date: Thu, 04 May 2006 12:25:38 GMT

I'm keen for this to be included - it is something we need for JMeter.

However, I think one needs to get the appropriate software grant
before committing the code.

Also, it is probably sensible to formally contribute the code via
JIRA/Bugzilla attachments.

S.
On 04/05/06, Oleg Kalnichevski <olegk@apache.org> wrote:
> On Thu, 2006-05-04 at 11:00 +0200, Ortwin Glück wrote:
> > Julius,
> >
> > This looks like a great contribution to HttpComponents HttpConn. Thank
> > you and your employer very much! I like the simple API.
> >
> > Oleg, this is not a whole project.
>
> I thought that is what Julius would prefer. Otherwise, I am sure we can
> incorporate most of this code into HttpComponents
>
> Oleg
>
>
> > It is merely some utility classes for
> > which we can easily find a home. No need to start a new subproject or
> > even the incubator.
> >
> > First thing will be to analyze the code base, put the classes in a
> > meaningful SVN / package structure, eliminate the Base64 copy, then
> > write up API Doc.
> >
> > my CHF 0.05
> >
> > Odi
> >
> > Julius Davies wrote:
> > > Hi, Httpclient,
> > >
> > > My employer (Credit Union Central of British Columbia) has given me
> > > permission to donate some code to Apache.  This code comes from my
> > > earlier attempt on this list to get HTTPClient to accept self-signed
> > > certificates.
> > >
> > > Here's the code:
> > > http://juliusdavies.ca/commons-ssl/
> > >
> > >
> > > The way it works looks like this:
> > >
> > > SSLClient client = new SSLClient();
> > > client.addTrustMaterial( TrustMaterial.CACERTS );
> > > client.addTrustMaterial( new TrustMaterial( "/path/to/cert.pem" ) );
> > > SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );
> > >
> > > I put in a createSocket() that takes a timeout integer value to make
> > > your life easier.
> > >
> > > I've put in a "ping" utility I'm finding very handy.  It writes "HEAD /
> > > HTTP/1.1" on a socket and then spits out any errors, including
> > > certificate chains (in Base64 PEM format).  It's the default class in
> > > the manifest, so all you need to use it is run:
> > >
> > > java -jar commons-ssl.jar
> > >
> > > Here's what it spits out if you don't specify any options:
> > >
> > > ==============================================================
> > > Usage:  java -jar commons-ssl.jar [options]
> > > Options:   (*=required)
> > > *  -t  --target           [hostname[:port]]             default port=443
> > >    -b  --bind             [hostname[:port]]             default port=0 "ANY"
> > >    -c  --client-cert      [path to client certificate]  *.jks or *.pfx
> > >    -p  --password         [client cert password]
> > >
> > > Example:
> > >
> > > java -jar commons-ssl.jar -t cucbc.com:443 -c ./client.pfx -p `cat ./pass.txt`
> > > ==============================================================
> > >
> > > Here's what it spits out after a successful run:
> > >
> > > $ java -jar commons-ssl.jar  -t www.cucbc.com
> > >
> > > Writing:
> > > ================================================================================
> > > HEAD / HTTP/1.1
> > > Host: www.cucbc.com
> > >
> > > Reading:
> > > ================================================================================
> > > HTTP/1.1 200 OK
> > > Date: Thu, 04 May 2006 00:22:27 GMT
> > > Server: Apache/2.0.46 (Red Hat)
> > > Accept-Ranges: bytes
> > > Connection: close
> > > Content-Type: text/html; charset=UTF-8
> > >
> > > Server Certificate for: [www.cucbc.com/64.114.5.46:443]
> > > ================================================================================
> > > s.0: CN=www.cucbc.com, O=Credit Union Central of British Columbia, L=Vancouver, ST=British Columbia, C=CA
> > > i.0: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
> > >
> > > It even prints out the certificates if the SSL handshake fails, so that
> > > can be very handy when you've got miscreant client certificates or typos
> > > in your truststores!
> > >
> > > If you would like to read the code, or try playing with it, please check
> > > out this URL:
> > >
> > > http://juliusdavies.ca/commons-ssl/
> > >
> > > Unfortunately I haven't included a build script yet, but just going into
> > > the "org/apache/commons/ssl" directory and typing "javac *.java" does
> > > the trick.  There are no dependencies at this time (for now I've stolen
> > > Base64.java from commons-codec!).
> > >
> > >
> > > What should I do to try and get a new "commons-ssl" project started?  If
> > > this code is accepted, I would like to bring HTTPClient's "contrib-ssl"
> > > into the HTTPClient 4.0 branch, and depend on "commons-ssl".
> > >
> > > Sorry if I'm a little breathless.  I'm pretty excited.
> > >
> > >
> > >
> > > yours,
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org