tomcat-dev mailing list archives

From <cmanola...@yahoo.com>
Subject Re: Tomcat to support other keystore types?
Date Wed, 07 Nov 2001 23:57:30 GMT
On 7 Nov 2001, Eric Rescorla wrote:

> > > Then, all Tomcat code can just do (for instance):
> > > 	java.security.cert.Certificate[] certs;
> > >
> > > 	certs=((SSLSocketExtensions)socket).getCertificateChain();
> >
> > > Does this seem acceptable?
> >
> > I don't like the last part ( casting the socket ), but it is acceptable.

> I don't really see a way around it, though, since the rest of
> the code slings Sockets around. If we want to get the SSLSupport from
> the Socket we'll need to cast it to some other type. I suppose we
> could always do:

There is no problem with the ssl socket implementing SSLSupport, but
the code that uses the certs (like the auth modules, etc.) should not
see the socket.

Something like:

Http connector:

  request.setNote( "sslSupport", (SSLSupport)socket);

Ajp connector:
  request.setNote( "sslSupport", new SSLSupport( ajpSession ));

Except for this, nothing else will know or care if SSLSupport
is an instance of Socket.

> I'm not sure what this would really buy us though except one extra
> class. Of course, the more classes the better :)

Simpler is better! :-)


Costin
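
The arrangement described in the message above, as an added example that is not part of the original message or of Tomcat's code: each connector attaches an `SSLSupport` to the request as a note, and the code that consumes client certificates depends only on that interface. `SSLSupport` is assumed to be an interface exposing just `getCertificateChain()`; `Request`, `DemoSslSocket`, `AjpSslSupport`, `hasClientCert` and the placeholder certificate are hypothetical stand-ins.

```java
import java.net.Socket;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.*;

public class SslNoteDemo {
    // Assumed shape of the interface; only getCertificateChain() is named in the thread.
    interface SSLSupport { Certificate[] getCertificateChain(); }
    // Hypothetical stand-in for the request object: note storage only.
    static class Request {
        private final Map<String, Object> notes = new HashMap<>();
        void setNote(String name, Object value) { notes.put(name, value); }
        Object getNote(String name) { return notes.get(name); }
    }
    // HTTP connector case: the socket itself implements SSLSupport.
    static class DemoSslSocket extends Socket implements SSLSupport {
        private final Certificate[] chain;
        DemoSslSocket(Certificate... chain) { this.chain = chain; }
        public Certificate[] getCertificateChain() { return chain.clone(); }
    }
    // AJP connector case: no socket at all, the chain was forwarded by the web server.
    static class AjpSslSupport implements SSLSupport {
        private final Certificate[] forwarded;
        AjpSslSupport(Certificate... forwarded) { this.forwarded = forwarded; }
        public Certificate[] getCertificateChain() { return forwarded.clone(); }
    }
    // Auth-module side: it sees SSLSupport only, never a Socket.
    static boolean hasClientCert(Request request) {
        Object note = request.getNote("sslSupport");
        if (!(note instanceof SSLSupport)) return false; // no TLS info on this request
        Certificate[] certs = ((SSLSupport) note).getCertificateChain();
        return certs != null && certs.length > 0;
    }
    // Constructed placeholder certificate so the demo runs offline.
    static Certificate placeholderCert() {
        return new Certificate("X.509") {
            public byte[] getEncoded() { return new byte[0]; }
            public void verify(PublicKey key) { }
            public void verify(PublicKey key, String provider) { }
            public String toString() { return "constructed placeholder"; }
            public PublicKey getPublicKey() { return null; }
        };
    }
    public static void main(String[] args) {
        Request http = new Request(), ajp = new Request(), plain = new Request();
        http.setNote("sslSupport", new DemoSslSocket(placeholderCert()));
        ajp.setNote("sslSupport", new AjpSslSupport(placeholderCert()));
        System.out.println(hasClientCert(http) + " " + hasClientCert(ajp) + " " + hasClientCert(plain));
    }
}
```

The only cast to `SSLSupport` happens where the note is read back, so the certificate consumer compiles without any reference to `Socket` and treats a request with no note as carrying no client certificate.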


