tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jean-frederic clere <jfrederic.cl...@fujitsu-siemens.com>
Subject Re: Tomcat to support other keystore types?
Date Wed, 07 Nov 2001 17:58:27 GMT
Eric Rescorla wrote:
> 
> <cmanolache@yahoo.com> writes:
> > IMHO it would be better to decouple the SSL info from the socket
> > factory and socket abstraction - in apache+tomcat case all the information
> > will be retrieved from apache using RPC-like communication.
> The approach I was thinking about was to have some abstract
> SSLSocket interface that all the SSL modules had to implement.
> How that interface was implemented would be under the covers.
> It would be straightforward for the apache+tomcat implementations
> to use RPC internally to get information about the sockets.

For tomcat+apache the SSL logic is in httpd and all could be done using
java.security (except when using jdk1.1.x).

For tomcat standalone we need the new SSLSocket interface. For the client
certificates the best would be to get them it java.security classes. (JSSE has
them in javax.security and PureTSL?).

> 
> Is that what you had in mind or were you thinking of something
> different?
> 
> -Ekr
> 
> --
> [Eric Rescorla                                   ekr@rtfm.com]
>                 http://www.rtfm.com/
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message