hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSL Engine configuration for setNeedClientAuth
Date Tue, 02 Jun 2009 16:41:03 GMT
johndoe Doe wrote:
> I need to configure the SSLEngine created in org.apache.http.impl.nio.reactor.SSLIOSession
used by org.apache.http.impl.nio.SSLServerIOEventDispatch to control client auth using setNeedClientAuth.
> 
> Extending SSLServerIOEventDispatch, the implementation of createSSLIOSession(IOSession,
SSLContext, SSLIOSessionHandler) can be overridden but in order to accomplish the aforesaid,
it would be better to reuse SSLIOSession and tune its SSLEngine based on some used defined
tunables. One way to enable this would be to add a new method in SSLIOSession:
> 
> protected SSLEngine getSSLEngine() 
> {
>     return(this.sslEngine);
> }
> 
> This enables extending SSLIOSession to tune SSLEngine as per requirements and hence use
the full configurablilty of SSLEngine and use this extended SSLIOSession in an extended SSLServerIOEventDispatch.
Can we have this method in a future release?
> 
> -J.D.
> 
> 
> 
>       

J.D.

It is not a big deal to add #getSSLEngine() method to the SSLIOSession 
class, but have you looked at the SSLIOSessionHandler interface? Its 
purpose is precisely to enable users to tune SSLEngine. The benefit of 
using the interface is that it the SSLServerIOEventDispatch class can 
sure that the SSLEngine is configured at the right moment of its life cycle.

SSLIOSessionHandler sslHandler = new SSLIOSessionHandler() {

     public void initalize(
             SSLEngine sslengine,
             HttpParams params) throws SSLException {
         sslengine.setNeedClientAuth(true);
     }

     public void verify(
             SocketAddress remoteAddress,
             SSLSession session) throws SSLException {
     }

};

IOEventDispatch ioEventDispatch = new SSLServerIOEventDispatch(
         handler,
         sslcontext,
         sslHandler,
         params);

Would that solve the problem for you?

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message