incubator-ftpserver-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Niklas Gustavsson (JIRA)" <j...@apache.org>
Subject [jira] Commented: (FTPSERVER-93) Support for alias when configuring SSL
Date Wed, 15 Aug 2007 21:21:31 GMT

    [ https://issues.apache.org/jira/browse/FTPSERVER-93?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12520100
] 

Niklas Gustavsson commented on FTPSERVER-93:
--------------------------------------------

I have run into problems implementing this request. The X509ExtendedKeyManager only exist
from Java 1.5 and we still support 1.4, so that is currently out of the questions.

Instead, I took the same approach as Tomcat (actually copied the class) but I run into very
odd problems where the MINA based listener won't find a matching key for the SSL handshake.
Note that this was without actually using an alias (just passing to the delegate key manager),
in fact none of the methods on the key manager is ever called (it seems like the key manager
is not deemed appropriate when JSSE looks for keys). I have no idea why, any help is welcome!

> Support for alias when configuring SSL
> --------------------------------------
>
>                 Key: FTPSERVER-93
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-93
>             Project: FtpServer
>          Issue Type: Wish
>          Components: Core
>    Affects Versions: 1.0-M1
>            Reporter: Steve Jones
>            Assignee: Niklas Gustavsson
>             Fix For: 1.0-M2
>
>
> Configuration for the the SSL listeners should support an "alias".
> This would allow a particular key to be selected from a keystore.
> For reference, here's the tomcat class that does this:
>   org.apache.tomcat.util.net.jsse.JSSEKeyManager.java
> The only tricky part that I am aware of is that for JKS keystores the alias should be
converted to all lower case.
> Also for reference, this is the extended X509 key manager that uses aliases:
>   http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/X509ExtendedKeyManager.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message