tomcat-dev mailing list archives

From Mladen Turk <mt...@apache.org>
Subject Re: cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c sslcontext.c
Date Thu, 09 Jun 2005 07:40:29 GMT
jean-frederic clere wrote:
> jfclere@apache.org wrote:
>>   Log:
>>   Change the BIOCallback interface to use write(byte[] buf) and
>>   read(byte[] buf);
>>   Add SSL_accept to do the client handshake.
>>   Arrange the corresponding example.
>>   
> 
> 
> +++ CUT +++
> 
> Hi,
> 
> I am not 100% happy with the code. Mladen already asked me to rollback 
> the changes. I think the worst thing is setSock() I have added to 
> BIOCallback.

Yes please rollback.

> My idea is/was to use BIOCallback or a similar interface to be able to 
> use openssl either with normal JAVA sockets or APR native ones.
>

I plan to create the SSLSocket that will use the created Socket
(here I speak about native sockets only), then obtain apr_os_sock_t
and then do an SSL accept on that accepted socket.

SSLSocket.create will create tcn_ssl_t from SSLContext and will
contain both apr_sock_t* and SSL*. We need the APR socket to be
able to do the polling on the SSL sockets as well.

Please give me a day or two to finish the skeleton implementation,
that will do a basic s_server/s_client.

BIOCallback will be used only for:
1. Password callbacks
2. Error logging
3. Custom byte streams for certificate data contained in
    non file system storage.
    For example right now we have:
    SSLContext.setCertificate(..., file, ...)
    I plan to add the:
    SSLContext.setCertificate(..., BIOCallback, ...)
    read/write callback methods could be used for reading
    certificate data from database blobs, or directly from keystorage.


Regards,
Mladen.

