tomcat-dev mailing list archives

From Eric Rescorla <...@rtfm.com>
Subject Re: Tomcat to support other keystore types?
Date Thu, 08 Nov 2001 00:06:43 GMT
<cmanolache@yahoo.com> writes:

> On 7 Nov 2001, Eric Rescorla wrote:
> 
> > > > Then, all Tomcat code can just do (for instance):
> > > > 	java.security.cert.Certificate[] certs;
> > > >
> > > > 	certs=((SSLSocketExtensions)socket).getCertificateChain();
> > >
> > > > Does this seem acceptable?
> > >
> > > I don't like the last part ( casting the socket ), but it is acceptable.
> 
> > I don't really see a way around it, though, since the rest of
> > the code slings Sockets around. If we want to get the SSLSupport from
> > the Socket we'll need to cast it to some other type. I suppose we
> > could always do:
> 
> There is no problem with the ssl socket implementing SSLSupport, but
> the code that uses the certs ( like the auth modules, etc ) should not
> see the socket.
> 
> Something like:
> 
> Http connector:
> 
>   request.setNote( "sslSupport", (SSLSupport)socket);
> 
> Ajp connector:
>   request.setNote( "sslSupport", new SSLSupport( ajpSession ));
> 
> Except this, nothing else will know or care if SSLSupport
> is an instance of Socket.

Ok. We're definitely on the same page here. I'll get to work.

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
