santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Milan Tomic" <mi...@setcce.org>
Subject RE: XSECSOAPRequestorSimple::doRequest()
Date Tue, 25 Jan 2005 08:27:27 GMT
Hello Scott,

	The class that I have attached is for Windows OS. It will be
soon in CVS. Berin will do OpenSSL version. The only things you can set
up is client certificate (PCCERT_CONTEXT), protocol (PCT, SSL2, SSL3,
TLS1) and key exchange alg type (RSA, DH). Server certificate is
validated by searching for it in the Windows cert store.

	Yes, this class is for resolving URIs. I have mentioned SOAP,
because we have planed to use it in XKMS and similar.

Best regards,
Milan


> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu] 
> Sent: Monday, January 24, 2005 5:05 PM
> To: security-dev@xml.apache.org
> Subject: RE: XSECSOAPRequestorSimple::doRequest()
> 
> 
> > I'm attaching Win32 SSL URI resolver class and test code.
> > I haven't still finished testing.
> 
> Are there hooks to override the SSL trust processing? That's 
> a common failing with these kinds of interfaces, and SSL is 
> useless without sufficient control over the authentication.
> 
> > I have some doubts. I have noticed that XSECURIResolver interface 
> > doesn't have send() method and resolveURI() returns BinInputStream.
> > Without send() I'm not sure how we can use it in SOAP?
> 
> Isn't this for resolving URIs? The protocol for resolving an 
> http or https URI is HTTP GET, not SOAP.
> 
> -- Scott
> 



Mime
View raw message