tomcat-dev mailing list archives

From Arieh Markel <Arieh.Mar...@Central.Sun.COM>
Subject Re: Bridging with
Date Fri, 02 Jun 2000 19:14:59 GMT

> From: Costin Manolache <>
> Arieh Markel wrote:
> > During my work on trying to get SSL to work with Jakarta/Tomcat, I ran
> > across the issue of (in)compatibility between the ServerSocketFactory
> > classes found in and
> >
> > I realized the utility of being able to bridge between both definitions.
> >
> > As a result I am proposing the incorporation of the following class,
> > which could then be extended by specialized factory implementations
> > (for SSL, at least):
>
> What's the difference ? Can you give a bit more details ?

The difference results from the fact that the tomcat and the
classes have (almost) similar signatures, yet they are different.

The implementations of PoolTcp* use the apache classes.

I have been playing with extending the PoolTcpConnector class into
an SSLPoolTcpConnector that would just set an SSL-specific

The following are the classes I have begun defining:

Then, an addition of appropriate lines on the server.xml should
provide that.

        <Connector className="org.apache.tomcat.service.SSLPoolTcpConnector">
            <Parameter name="handler"
            <Parameter name="port" value="8090"/>
            <Parameter name="thread_pool" value="on"/>
            <Parameter name="max_threads" value="100"/>
            <Parameter name="max_spare_threads" value="30"/>
            <Parameter name="min_spare_threads" value="10"/>
            <Parameter name="key_store" value="etc/security/keystore"/>
            <Parameter name="cert_store" value="etc/security/certs"/>
        </Connector>

(Not sure if all parameters - see below - need to be explicit.
Also, what about the ability to specify on the configuration the
SSL ServerSocketFactory that needs to be used ?).

One of the issues that I am running across is the need to be able
to configure the following items:

	location of KeyStore
	location of Certificates

also, depending on implementations:

	protocol		(defaults to TLS)
	encoding algorithm	(X509)
	passphrase (location ?)

> I am very interested in this topic -  I'm also working on Certificate-based
> authentication and bridging,  can you share some code  ?

I will provide the code as soon as I am happy with what I have
and see it running on my environment (probably early next week).


> Costin

 Arieh Markel		                Sun Microsystems Inc.
 Network Storage                        500 Eldorado Blvd. MS UBRM11-194
 e-mail: arieh.markel@sun.COM           Broomfield, CO 80021
 Let's go Panthers !!!!                 Phone: (303) 272-8547 x78547
 (e-mail me with subject SEND PUBLIC KEY to get public key)
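
An added example, not code from the original message or from Tomcat: one way a bridge of the kind described above could expose a JSSE `javax.net.ServerSocketFactory` through a container-side factory interface, taking the keystore location, passphrase location, protocol and key-manager algorithm as parameters. `ContainerSocketFactory`, `SslFactoryBridge` and the passphrase-file convention are hypothetical; `"TLS"` and `"SunX509"` are standard JSSE names, and trust material is left to the JVM default.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ServerSocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Hypothetical stand-in for the container-side factory type; not a Tomcat class.
interface ContainerSocketFactory {
    ServerSocket createSocket(int port) throws IOException;
}

// Bridge: exposes a javax.net.ServerSocketFactory through the container-side interface.
public class SslFactoryBridge implements ContainerSocketFactory {
    private final ServerSocketFactory delegate;

    // The four parameters mirror the configurable items listed in the message.
    public SslFactoryBridge(String keyStorePath, String passFile,
                            String protocol, String algorithm)
            throws IOException, GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance(protocol);            // e.g. "TLS"
        // The passphrase is read from its own file so it never appears in server.xml.
        char[] pass = new String(Files.readAllBytes(Paths.get(passFile)), "UTF-8")
                .trim().toCharArray();
        try (InputStream in = Files.newInputStream(Paths.get(keyStorePath))) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, pass);                                        // fails on a wrong passphrase
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); // e.g. "SunX509"
            kmf.init(ks, pass);
            ctx.init(kmf.getKeyManagers(), null, null); // null = default trust managers and RNG
        } finally {
            Arrays.fill(pass, '\0'); // overwrite the passphrase copy held in this array
        }
        delegate = ctx.getServerSocketFactory();
    }

    @Override
    public ServerSocket createSocket(int port) throws IOException {
        SSLServerSocket s = (SSLServerSocket) delegate.createServerSocket(port);
        s.setNeedClientAuth(false); // server-authenticated TLS only in this sketch
        return s;
    }
}
```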
