tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c sslcontext.c
Date Thu, 09 Jun 2005 07:42:53 GMT

----- Original Message ----- 
From: "jean-frederic clere" <>
To: "Tomcat Developers List" <>
Sent: Thursday, June 09, 2005 12:20 AM
Subject: Re: cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c 

> wrote:
>> jfclere     2005/06/08 09:52:58
>>   Modified:    jni/examples/org/apache/tomcat/jni
>>                jni/java/org/apache/tomcat/jni
>>                jni/native/src ssl.c sslcontext.c
>>   Log:
>>   Change the BIOCallback interface to use write(byte[] buf) and
>>   read(byte[] buf);
>>   Add SSL_accept to do the client handshake.
>>   Arrange the corresponding example.
> +++ CUT +++
> Hi,
> I am not 100% happy with the code. Mladen already asked me to rollback the 
> changes. I think the worst thing is setSock() I have added to BIOCallback.
> My idea is/was to use BIOCallback or a similar interface to be able to 
> openssl either with normal JAVA sockets or APR native ones.
> Comments?

It looked OK to me.  Basically it's the APR implementation of SSLEngine. 
Don't really see a problem.

Of course, I don't really care about the APR-SSL Connector one way or the 
other.  Since the config is the same as for mod_ssl, there is absolutely no 
reason to not simply use mod_ssl instead.  If I just wanted the native-code 
optimizations, I'd use PureTLS instead.

> Cheers
> Jean-Frederic
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

This message is intended only for the use of the person(s) listed above as the intended recipient(s),
and may contain information that is PRIVILEGED and CONFIDENTIAL.  If you are not an intended
recipient, you may not read, copy, or distribute this message or any attachment. If you received
this communication in error, please notify us immediately by e-mail and then delete all copies
of this message and any attachments.

In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet
is not secure. Do not send confidential or sensitive information, such as social security
numbers, account numbers, personal identification numbers and passwords, to us via ordinary
(unencrypted) e-mail.

View raw message