tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Rescorla <...@rtfm.com>
Subject Re: Resend: SSL portability and Coyote
Date Sat, 27 Apr 2002 15:33:49 GMT
Nick Betteridge <n.betteridge@syntactics.com> writes:
> Eric Rescorla wrote:
> > 
> > This didn't make it out the first time so I'm resending...
> > 
> > I'm looking at what needs to be done to make the 3.3 SSL portablity
> > stuff work properly with Coyote. For the most part, this work has been
> > done--if you set the SSLImplementation appropriately and the correct
> > factory gets invoked. However, there appear to be some issues with
> > CoyoteServerSocketFactory and it's handling of configuration
> > directives:
> > 
> > (1) CoyoteServerSocketFactory appears to be willing to handle a
> > "socketFactoryName". AFAICT, this is supplanted by SSLImplementation
> > and none of the other code does anything with it. Any reason not to
> > remove support for this directive entirely?
> > 
> > (2) JSSE uses one keyfile (the keystore). PureTLS uses three, the
> > keyfile, the CA file, and the random file. I need to add new
> > directives to ServerSocketFactory to propagate those.
> > 
> 
> Erik - any chance of implementing this with a generic certificate/key
> factory so that the SocketFactory doesn't just rely on the default
> keystore?
I'm not sure exactly what you're looking for here. Can you provide
an example of how you'd like things to look?

-Ekr


-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message