tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject Re: svn commit: r616522 - in /tomcat/trunk/java/org/apache/tomcat/util/net/puretls: PureTLSImplementation.java PureTLSSocket.java PureTLSSocketFactory.java PureTLSSupport.java
Date Wed, 30 Jan 2008 03:08:03 GMT
Bill Barker wrote:
> "Mark Thomas" <markt@apache.org> wrote in message 
> news:479FA18F.5080002@apache.org...
>   
>> markt@apache.org wrote:
>>     
>>> Author: markt
>>> Date: Tue Jan 29 13:18:25 2008
>>> New Revision: 616522
>>>
>>> URL: http://svn.apache.org/viewvc?rev=616522&view=rev
>>> Log:
>>> Tab police. No function change
>>>
>>> Modified:
>>>
>>> tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSImplementation.java
>>>
>>> tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocket.java
>>>
>>> tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSocketFactory.java
>>>
>>> tomcat/trunk/java/org/apache/tomcat/util/net/puretls/PureTLSSupport.java
>>>       
>> Before I spend any more time looking at 
>> http://issues.apache.org/bugzilla/show_bug.cgi?id=44318 am I correct in 
>> thinking that PureTLS has never been part of of the TC6 build and that I 
>> could just remove these four files instead?
>>
>> If we do want to keep PureTLS support the main problem appears to be 
>> http://svn.apache.org/viewvc?view=rev&revision=428884 which added a JSSE 
>> dependency into o.a.t.util.net.SSLImplementation
>>
>> As far as I can tell, PureTLS doesn't support nio anyway so...
>>
>> Thoughts?
>>
>>     
>
> I remember that there was talk of removing PureTLS support.  The PureTLS 
> library isn't actively developed anymore (some security fixes, but not much 
> else), and it still depends on a hacked version of Cryptix.  But nobody has 
> stepped up to actually remove it.
>
> That having been said, I'd prefer to remove the JSSE dependancy from 
> SSLImplementation, since it makes it nearly impossible to develop a non-JSSE 
> SSLImplementation (e.g. I there was talk of developing one for Mozilla's SSL 
> stack, but nothing ever happened).  Without having thought it out much, 
> something like changing
>    abstract public SSLSupport getSSLSupport(SSLSession session);
> to
>    abstract public SSLSupport getNioSSLSupport(Socket sock);
>   
if we are gonna remove it, why remove it only for one connector. The 
code used is the same by both the BIO and the NIO connector
not sure we need the abstraction at all


> In the JSSE case, you can get the SSLSession from the Socket, so it would be 
> a small change to the existing code.
>   
same code can be reused for both connectors.

Filip
>   
>> Mark 
>>     
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message