From: jean-frederic clere
Date: Wed, 07 Nov 2001 18:58:27 +0100
To: Tomcat Developers List
Subject: Re: Tomcat to support other keystore types?

Eric Rescorla wrote:
>
> writes:
> > IMHO it would be better to decouple the SSL info from the socket
> > factory and socket abstraction - in apache+tomcat case all the information
> > will be retrieved from apache using RPC-like communication.
> The approach I was thinking about was to have some abstract
> SSLSocket interface that all the SSL modules had to implement.
> How that interface was implemented would be under the covers.
> It would be straightforward for the apache+tomcat implementations
> to use RPC internally to get information about the sockets.

For tomcat+apache the SSL logic is in httpd and all could be done using
java.security (except when using jdk1.1.x).
For tomcat standalone we need the new SSLSocket interface.
For the client certificates the best would be to get them in java.security
classes. (JSSE has them in javax.security and PureTLS?).

>
> Is that what you had in mind or were you thinking of something
> different?
>
> -Ekr
>
> --
> [Eric Rescorla ekr@rtfm.com]
> http://www.rtfm.com/