tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jean-frederic clere <jfrederic.cl...@fujitsu-siemens.com>
Subject Re: Tomcat to support other keystore types?
Date Wed, 07 Nov 2001 08:45:41 GMT
Eric Rescorla wrote:
> 
> "Bill Barker" <wbarker@wilshire.com> writes:
> > I've checked in the modifications to PoolTcpConnector to allow plugging in
> > another SSL provider.  Now he just has to create a class extending
> > o.a.t.util.net.ServerSocketFactory that works with his SSL implementation,
> > and then put it's class as the value to the socketFactory attribute in
> > Http10Interceptor.
> 
> Hi. "He" is me, the author of PureTLS.
> 
> I've taken a look at what you've done and I can definitely work
> with it. However, I think that we need one more piece:
> 
> Currently CertCompat has JSSE hardwired in.

Due to:
+++
 static final String JSSE_SUPPORT=
        "org.apache.tomcat.util.compat.JSSECertCompat";
+++
We just need "org.apache.tomcat.util.compat.PureTLSCertCompat" and a parameter
to allow JSSE_SUPPORT to be changed in SSL_SUPPORT. Quick hack would be to add
PureTLS_SUPPORT and try to load both classes the successfully one would be the
one used.

How could we add it as a parameter in the server.xml file?

By the way: I have forgotten to put the ASF header in the sources when commit
them last time, I will arrange this when committing PureTLS support :)

> If we substitute PureTLS
> then we'll need to add an adapter for PureTLS.  (the adapter is just a
> stub since PureTLS has no problem giving you the encoded certificates.)
> 
> Obviously, I'm more than happy to write this adapter but you
> probably have some opinions about how to arrange that the right
> one gets dynamically loaded. If you prefer, I can submit/suggest
> changes for this as well.
> 
> -Ekr
> 
> --
> [Eric Rescorla                                   ekr@rtfm.com]
>                 http://www.rtfm.com/
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message