Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3763AE8A4 for ; Wed, 27 Feb 2013 11:40:29 +0000 (UTC) Received: (qmail 37997 invoked by uid 500); 27 Feb 2013 11:40:29 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 37816 invoked by uid 500); 27 Feb 2013 11:40:28 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 37767 invoked by uid 99); 27 Feb 2013 11:40:26 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Feb 2013 11:40:26 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jeewamp.dev@gmail.com designates 209.85.212.196 as permitted sender) Received: from [209.85.212.196] (HELO mail-wi0-f196.google.com) (209.85.212.196) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Feb 2013 11:40:21 +0000 Received: by mail-wi0-f196.google.com with SMTP id hq4so117883wib.7 for ; Wed, 27 Feb 2013 03:40:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:date:message-id:subject:from:to :content-type; bh=WlJ9RM6QA19SK9M39PvJzKGKkGd+6MOCZroXzSfvm7o=; b=SAUg9BEh9H24USDl3gAScgh1PakTj5B27LsIP1LWiBhf//7xA1hx0UBHrf6ZLaJkux kWulzMheEB6MkxeQkjGKa4Cgq1mR7kikkY6Gajzu4LQCVhNx+bpyDi7IQQiHTOX4agyg YUpOFFl5bF10DiOq7ul7adfDfoTgE2nDmItiMtijTnRvRQ4JwrI0hU6ljJqsGm76fEgr K9QW0fSkhZCVzi1alR5GFKw3O1W2dnvHg+uY2SbZoFK8Ji1LIJV5gtlauiTxbCLVVcP3 yKVAIZhcQUIeoEId1xf6/PnYLXGLIXeogy1YHchK6E5AvxdE5p/VT8raaj/uYYxI05mb kvJg== MIME-Version: 1.0 X-Received: by 10.194.120.169 with SMTP id ld9mr3285348wjb.24.1361965200235; Wed, 27 Feb 2013 03:40:00 -0800 (PST) Received: by 10.216.6.82 with HTTP; Wed, 27 Feb 2013 03:40:00 -0800 (PST) Date: Wed, 27 Feb 2013 17:10:00 +0530 Message-ID: Subject: How are TrustStores and KeyStores used in SSL in HTTP-core-nio From: Prasad Jeewantha To: dev@hc.apache.org Content-Type: multipart/alternative; boundary=e89a8f642c14f4e2bb04d6b33bf5 X-Virus-Checked: Checked by ClamAV on apache.org --e89a8f642c14f4e2bb04d6b33bf5 Content-Type: text/plain; charset=ISO-8859-1 Hi all, There is an SSL Certificate Verification feature (OCSP/CRL) I want to implement in Apache Synapse which uses http-core-nio project as a dependency. In Synapse when creating an *SSLContext* it takes * truststore.jks* and the *keystore.jks* as arguments. In the class * org.apache.http.impl.nio.reactor.SSLIOSession* it creates an *SSLEngine*from *sslContext.createSSLEngine(hostname, port) *method. When debugging Synapse I can see the TrustManagers and KeyManagers in SSLEngine. *Please tell me how the TrustManagers and KeyManagers are used in http-core-nio project*. I want to verify whether the root certificate in the Peer certificate chain is in the TrustStore. I am not sure whether this is already implemented. Thanks in advance. Jeewantha. PS. I created a general StackOverflow question on this http://stackoverflow.com/q/15104873/1411653 --e89a8f642c14f4e2bb04d6b33bf5--