tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Tomcat to support other keystore types?
Date Wed, 07 Nov 2001 18:40:22 GMT
And, indeed, for tomcat+apache, we don't use JSSE (except to allow for url
rewriting ;).  I'm in favor of Eric's approach for exactly Costin's reason:
having a separate interface  would decouple the SSL info from the socket
factory.

Of course, if Eric wants to provide patches to save me typing I'm even more
in favor of it.
----- Original Message -----
From: "jean-frederic clere" <jfrederic.clere@fujitsu-siemens.com>
To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Sent: Wednesday, November 07, 2001 9:58 AM
Subject: Re: Tomcat to support other keystore types?


> Eric Rescorla wrote:
> >
> > <cmanolache@yahoo.com> writes:
> > > IMHO it would be better to decouple the SSL info from the socket
> > > factory and socket abstraction - in apache+tomcat case all the
information
> > > will be retrieved from apache using RPC-like communication.
> > The approach I was thinking about was to have some abstract
> > SSLSocket interface that all the SSL modules had to implement.
> > How that interface was implemented would be under the covers.
> > It would be straightforward for the apache+tomcat implementations
> > to use RPC internally to get information about the sockets.
>
> For tomcat+apache the SSL logic is in httpd and all could be done using
> java.security (except when using jdk1.1.x).
>
> For tomcat standalone we need the new SSLSocket interface. For the client
> certificates the best would be to get them it java.security classes. (JSSE
has
> them in javax.security and PureTSL?).
>
> >
> > Is that what you had in mind or were you thinking of something
> > different?
> >
> > -Ekr
> >
> > --
> > [Eric Rescorla                                   ekr@rtfm.com]
> >                 http://www.rtfm.com/
> >
> > --
> > To unsubscribe, e-mail:
<mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
<mailto:tomcat-dev-help@jakarta.apache.org>
>
> --
> To unsubscribe, e-mail:
<mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:tomcat-dev-help@jakarta.apache.org>
>
>


*----*

This message is intended only for the use of the person(s) listed above 
as the intended recipient(s), and may contain information that is 
PRIVILEGED and CONFIDENTIAL.  If you are not an intended recipient, 
you may not read, copy, or distribute this message or any attachment.  
If you received this communication in error, please notify us immediately 
by e-mail and then delete all copies of this message and any attachments.


In addition you should be aware that ordinary (unencrypted) e-mail sent 
through the Internet is not secure. Do not send confidential or sensitive 
information, such as social security numbers, account numbers, personal 
identification numbers and passwords, to us via ordinary (unencrypted) 
e-mail. 

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message