hc-dev mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Handling Multiple SSL Configurations
Date Wed, 22 Jul 2009 08:52:19 GMT
On Wed, Jul 22, 2009 at 10:39:15AM +0530, Hiranya Jayathilaka wrote:
> Hi Devs,
> 
> I'm working on Apache Synapse which uses HTTP Core NIO. Currently our HTTPS
> transport makes use of one SSL context (initialized from a
> keystore/truststore pair). We want to extend that to support multiple SSL
> contexts. For example when Synapse connects to server A it will use one SSL
> context and when it connects to server B it will use another SSL context.
> 
> I did an initial implementation of the above feature using multiple
> IOReactors (ConnectingIOReactor implementations) where each IOReactor is
> associated with its own IOEventDispatch and this solution works fine.
> However it would be great if we can do this without using multiple
> IOReactors. Is this achievable? What is the best way to handle multiple SSL
> contexts with HTTP Core?
> 

Hiranya,

I do not think multiple IOReactors are needed. One can use a custom
IOEventDispatch in order to set up SSL contexts for outgoing connections on a
case by case basis.

Something along these lines:

public class MySSLClientIOEventDispatch implements IOEventDispatch {

...

    public void connected(final IOSession session) {

        SSLContext sslContext;

        // Choose the SSL context from the remote hostname of this connection
        InetSocketAddress remoteAddress = (InetSocketAddress) session.getRemoteAddress();
        String hostname = remoteAddress.getHostName();

        try {
            if (hostname.equalsIgnoreCase("host-a")) {
                sslContext = SSLContext.getInstance("SSLv2");
                sslContext.init(null, null, null);
            } else if (hostname.equalsIgnoreCase("host-b")) {
                sslContext = SSLContext.getInstance("SSLv3");
                sslContext.init(null, null, null);
            } else {
                sslContext = SSLContext.getInstance("TLSv1");
                sslContext.init(null, null, null);
            }
        } catch (GeneralSecurityException ex) {
            // getInstance() and init() throw checked exceptions that
            // connected() cannot propagate, so drop the connection instead
            session.close();
            return;
        }

        SSLIOSession sslSession = new SSLIOSession(session, sslContext, this.sslHandler);

        ...
    }

}

One can provide additional configuration information to the dispatcher at
construction time such as DNS hostname to keystore mapping (or DNS hostname to
cert alias mapping when using just one keystore).

Hope this helps

Oleg



> Thanks,
> -- 
> Hiranya Jayathilaka
> Software Engineer;
> WSO2 Inc.;  http://wso2.org
> E-mail: hiranya@wso2.com;  Mobile: +94 77 633 3491
> Blog: http://techfeast-hiranya.blogspot.com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
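
The hostname-to-keystore mapping suggested in the reply, as an added example that is not part of the original message or of HttpCore. The class name HostSSLContextMap and its methods are hypothetical, only JDK APIs are used, and the generic "TLS" context name is an assumption of this sketch rather than the protocol names in the message.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: one pre-built SSLContext per remote hostname. */
public class HostSSLContextMap {

    // Populate before the I/O reactor starts; afterwards it is only read.
    private final Map<String, SSLContext> byHost = new HashMap<String, SSLContext>();
    private final SSLContext fallback;

    public HostSSLContextMap(SSLContext fallback) {
        if (fallback == null) throw new IllegalArgumentException("fallback required");
        this.fallback = fallback;
    }

    /** Builds the context for one host from its own identity keystore and truststore. */
    public void register(String host, KeyStore identity, char[] keyPassword, KeyStore trust)
            throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS"); // assumption of this sketch
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        byHost.put(host.toLowerCase(Locale.ROOT), ctx);
    }

    /** For use in connected(): case-insensitive exact match, otherwise the fallback. */
    public SSLContext lookup(String host) {
        SSLContext ctx = host == null ? null : byHost.get(host.toLowerCase(Locale.ROOT));
        return ctx != null ? ctx : fallback;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty in-memory keystore stands in for real files.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        HostSSLContextMap map = new HostSSLContextMap(SSLContext.getDefault());
        map.register("host-a", empty, new char[0], empty);
        System.out.println("host-a has its own context: "
                + (map.lookup("HOST-A") != map.lookup("host-b")));
    }
}
```

Building every context once at construction keeps keystore parsing off the reactor threads and surfaces a bad keystore or password at startup rather than on the first connection to that host.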

