Posted to dev@hc.apache.org by johndoe Doe <j1...@yahoo.com> on 2009/06/02 08:51:32 UTC

SSL Engine configuration for setNeedClientAuth

I need to configure the SSLEngine created in org.apache.http.impl.nio.reactor.SSLIOSession used by org.apache.http.impl.nio.SSLServerIOEventDispatch to control client auth using setNeedClientAuth.

Extending SSLServerIOEventDispatch, the implementation of createSSLIOSession(IOSession, SSLContext, SSLIOSessionHandler) can be overridden but in order to accomplish the aforesaid, it would be better to reuse SSLIOSession and tune its SSLEngine based on some user-defined tunables. One way to enable this would be to add a new method in SSLIOSession:

protected SSLEngine getSSLEngine() 
{
    return(this.sslEngine);
}

This enables extending SSLIOSession to tune SSLEngine as per requirements and hence use the full configurability of SSLEngine and use this extended SSLIOSession in an extended SSLServerIOEventDispatch. Can we have this method in a future release?

-J.D.



      

Re: SSL Engine configuration for setNeedClientAuth

Posted by "J. D." <j1...@yahoo.com>.
Thanks Oleg. That would be perfect. I did not realize that
SSLIOSessionHandler already provides access to SSLEngine BEFORE an
SSLSession gets established. I commend the good design effort put into this
project.

- J.D.


olegk wrote:
> 
> johndoe Doe wrote:
>> I need to configure the SSLEngine created in
>> org.apache.http.impl.nio.reactor.SSLIOSession used by
>> org.apache.http.impl.nio.SSLServerIOEventDispatch to control client auth
>> using setNeedClientAuth.
>> 
>> Extending SSLServerIOEventDispatch, the implementation of
>> createSSLIOSession(IOSession, SSLContext, SSLIOSessionHandler) can be
>> overridden but in order to accomplish the aforesaid, it would be better
>> to reuse SSLIOSession and tune its SSLEngine based on some user-defined
>> tunables. One way to enable this would be to add a new method in
>> SSLIOSession:
>> 
>> protected SSLEngine getSSLEngine() 
>> {
>>     return(this.sslEngine);
>> }
>> 
>> This enables extending SSLIOSession to tune SSLEngine as per requirements
>> and hence use the full configurability of SSLEngine and use this extended
>> SSLIOSession in an extended SSLServerIOEventDispatch. Can we have this
>> method in a future release?
>> 
>> -J.D.
>> 
>> 
>> 
>>       
> 
> J.D.
> 
> It is not a big deal to add #getSSLEngine() method to the SSLIOSession 
> class, but have you looked at the SSLIOSessionHandler interface? Its 
> purpose is precisely to enable users to tune SSLEngine. The benefit of 
> using the interface is that the SSLServerIOEventDispatch class can 
> make sure that the SSLEngine is configured at the right moment of its life
> cycle.
> 
> SSLIOSessionHandler sslHandler = new SSLIOSessionHandler() {
> 
>      public void initalize(
>              SSLEngine sslengine,
>              HttpParams params) throws SSLException {
>          sslengine.setNeedClientAuth(true);
>      }
> 
>      public void verify(
>              SocketAddress remoteAddress,
>              SSLSession session) throws SSLException {
>      }
> 
> };
> 
> IOEventDispatch ioEventDispatch = new SSLServerIOEventDispatch(
>          handler,
>          sslcontext,
>          sslHandler,
>          params);
> 
> Would that solve the problem for you?
> 
> Oleg
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/SSL-Engine-configuration-for-setNeedClientAuth-tp23828283p23843326.html
Sent from the HttpComponents-Dev mailing list archive at Nabble.com.



Re: SSL Engine configuration for setNeedClientAuth

Posted by Oleg Kalnichevski <ol...@apache.org>.
johndoe Doe wrote:
> I need to configure the SSLEngine created in org.apache.http.impl.nio.reactor.SSLIOSession used by org.apache.http.impl.nio.SSLServerIOEventDispatch to control client auth using setNeedClientAuth.
> 
> Extending SSLServerIOEventDispatch, the implementation of createSSLIOSession(IOSession, SSLContext, SSLIOSessionHandler) can be overridden but in order to accomplish the aforesaid, it would be better to reuse SSLIOSession and tune its SSLEngine based on some user-defined tunables. One way to enable this would be to add a new method in SSLIOSession:
> 
> protected SSLEngine getSSLEngine() 
> {
>     return(this.sslEngine);
> }
> 
> This enables extending SSLIOSession to tune SSLEngine as per requirements and hence use the full configurability of SSLEngine and use this extended SSLIOSession in an extended SSLServerIOEventDispatch. Can we have this method in a future release?
> 
> -J.D.
> 
> 
> 
>       

J.D.

It is not a big deal to add #getSSLEngine() method to the SSLIOSession 
class, but have you looked at the SSLIOSessionHandler interface? Its 
purpose is precisely to enable users to tune SSLEngine. The benefit of 
using the interface is that the SSLServerIOEventDispatch class can 
make sure that the SSLEngine is configured at the right moment of its life cycle.

SSLIOSessionHandler sslHandler = new SSLIOSessionHandler() {

     public void initalize(
             SSLEngine sslengine,
             HttpParams params) throws SSLException {
         sslengine.setNeedClientAuth(true);
     }

     public void verify(
             SocketAddress remoteAddress,
             SSLSession session) throws SSLException {
     }

};

IOEventDispatch ioEventDispatch = new SSLServerIOEventDispatch(
         handler,
         sslcontext,
         sslHandler,
         params);

Would that solve the problem for you?

Oleg
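
Added example, not part of the original thread or the HttpCore sources: a named SSLIOSessionHandler that requires a client certificate in the pre-handshake callback and then authorizes the peer by subject DN in verify(), which the snippet above leaves empty. The class name ClientCertHandler and the allow-list of subject DNs are hypothetical; it assumes HttpCore NIO 4.0 on the classpath and an SSLContext whose trust managers already validate the client certificate chain.

```java
import java.net.SocketAddress;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.apache.http.impl.nio.reactor.SSLIOSessionHandler;
import org.apache.http.params.HttpParams;

// Hypothetical handler: mandatory client auth plus a subject allow-list.
public class ClientCertHandler implements SSLIOSessionHandler {

    // Subject DNs in RFC 2253 form, supplied by the caller (assumption).
    private final Set<String> allowedSubjects;

    public ClientCertHandler(Set<String> allowedSubjects) {
        this.allowedSubjects = allowedSubjects;
    }

    // Runs before the handshake; the method name is spelled as in the
    // interface used in the thread ("initalize").
    public void initalize(SSLEngine sslengine, HttpParams params) throws SSLException {
        // "need" aborts the handshake when no client certificate is sent.
        // A later setWantClientAuth() call would override this setting.
        sslengine.setNeedClientAuth(true);
    }

    // Runs with the negotiated session; throwing SSLException rejects the peer.
    public void verify(SocketAddress remoteAddress, SSLSession session) throws SSLException {
        Certificate[] chain;
        try {
            chain = session.getPeerCertificates(); // peer's own certificate first
        } catch (SSLPeerUnverifiedException ex) {
            throw new SSLException("No client certificate from " + remoteAddress);
        }
        if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            throw new SSLException("Unexpected certificate type from " + remoteAddress);
        }
        String subject = ((X509Certificate) chain[0]).getSubjectX500Principal().getName();
        if (!allowedSubjects.contains(subject)) {
            throw new SSLException("Client certificate not authorized: " + subject);
        }
    }
}
```

An instance of this class would be passed as the sslHandler argument of the SSLServerIOEventDispatch constructor shown in the reply above.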
