Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 95078 invoked from network); 1 Nov 2002 00:18:57 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 1 Nov 2002 00:18:57 -0000 Received: (qmail 5581 invoked by uid 97); 1 Nov 2002 00:19:50 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@jakarta.apache.org Received: (qmail 5545 invoked by uid 97); 1 Nov 2002 00:19:50 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 5531 invoked by uid 98); 1 Nov 2002 00:19:49 -0000 X-Antivirus: nagoya (v4218 created Aug 14 2002) Message-ID: <001101c2814c$e0eea8f0$0b01a8c0@dev1> From: "Pae Choi" To: Subject: Externalizing the Configurable Inforamtion in TOMCAT -- Especially Security related Package Date: Thu, 31 Oct 2002 18:17:49 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000E_01C28109.D1BE65C0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N ------=_NextPart_000_000E_01C28109.D1BE65C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Folks, As J2SDK v1.4.x made changes including the SSL/TLS related APIs, we are no longer in need to embed the SUN's provider package, e.g., import com.sun.net.ssl.KeyManagerFactory; import com.sun.net.ssl.SSLContext; import com.sun.net.ssl.TrustManagerFactory; as defined in the org.apache.catalina.net.SSLServerSocketFactory. We now more use the javax.net.ssl.* package with J2SDK v4.x and a good sample is the "RMI Using SSL" The sample came with J2SDK v1.3.x and J2SDK v1.4.x are good example for the differences. I am thinking that it would be better for international users and more usability as well as acceptability, if TOMCAT can externalize the = definitions of configurable info. e.g., provider name, type of key store, etc. Would it be possble to ask you, especially Harish Prabandham, Costin Manolache, and Craig McClanahan, to add this in the future release. + Support for "PKCS12" key store type in addition to JKS + Ability to define the security provier package in the external configuration file. This can be one of three ways we can define the 1. Use the "java.security" 2. Use the command-line to deifne the sytem properties 3. Embed it in the code as the TOMCAT does. In this way we can continuously use the SUN's provider package as well as other packages based on the USER's prference. BouncyCastle can be one of packages other than SUN's package. Please note that I am not againsnt any specifc vendor not package, but just think that it would create ore flexibility. I for one am very happy with you folks' work. And thank you always. Any comments on this are welcome and will be appreciated. Regards, Pae ------=_NextPart_000_000E_01C28109.D1BE65C0--