Posted to dev@geronimo.apache.org by "Rick McGuire (JIRA)" <ji...@apache.org> on 2007/12/13 12:20:44 UTC

[jira] Resolved: (GERONIMO-3703) should allow custom SSL context for AsyncHttpClient

     [ https://issues.apache.org/jira/browse/GERONIMO-3703?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick McGuire resolved GERONIMO-3703.
------------------------------------

    Resolution: Fixed

Committed revision 603885.

I've committed this patch, but there's something going on here with the connection reuse that's nagging at me a little, but I can't convince myself there's a real problem.  

SSL context is provided by the request, and if there is no SSLFilter on the connection, one is added.  At first glance, it seems like there is an exposure to either A) reusing a connection that is filtering with an incorrect SSLContext from a previous request or B) reusing a connection with an SSLFilter in place for a non-http connection.  I don't think either of these could ever happen, given the realities of how SSL connections are used.  I think the only thing that raised the issue was the test for whether the connection already had an SSLFilter in place or not.  At that point, it seemed things could go astray, but I guess if the connection is getting reused, then the characteristics are fixed anyway. 

> should allow custom SSL context for AsyncHttpClient
> ---------------------------------------------------
>
>                 Key: GERONIMO-3703
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3703
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: AsyncHttpClient
>    Affects Versions: 1.x
>            Reporter: Sangjin Lee
>            Priority: Critical
>         Attachments: 3703.patch
>
>
> Currently the SSLContext that's used to do https cannot be configured or customized.  One needs to be able to create and pass in custom SSLContext to be able to use its own cert directory, keystore file, etc.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
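
The reuse concern raised in the resolution comment above, as an added example that is not part of the original message or of the Geronimo code base: a connection cache whose key includes the scheme and the SSLContext identity, so a pooled connection is only handed back to a request with the same TLS configuration. `ReuseKey`, the host `example.test` and the string standing in for a connection are hypothetical names used for illustration.

```java
import javax.net.ssl.SSLContext;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;

public class ReuseKeyDemo {
    /** Hypothetical pool key: a connection is reused only if every field matches. */
    static final class ReuseKey {
        final String scheme;
        final String host;
        final int port;
        final SSLContext sslContext; // always null for plain http

        ReuseKey(String scheme, String host, int port, SSLContext ctx) {
            this.scheme = scheme.toLowerCase(Locale.ROOT);
            this.host = host.toLowerCase(Locale.ROOT);
            this.port = port;
            // A plain-http key never carries a context, so it cannot match an https entry.
            this.sslContext = "https".equals(this.scheme) ? ctx : null;
        }

        @Override public boolean equals(Object o) {
            if (!(o instanceof ReuseKey)) return false;
            ReuseKey k = (ReuseKey) o;
            // SSLContext defines no value equality, so compare by identity.
            return scheme.equals(k.scheme) && host.equals(k.host)
                    && port == k.port && sslContext == k.sslContext;
        }

        @Override public int hashCode() {
            return Objects.hash(scheme, host, port, System.identityHashCode(sslContext));
        }
    }

    public static void main(String[] args) throws Exception {
        Map<ReuseKey, String> pool = new ConcurrentHashMap<>();
        SSLContext a = SSLContext.getInstance("TLS");
        SSLContext b = SSLContext.getInstance("TLS");
        a.init(null, null, null); // JVM default key and trust material
        b.init(null, null, null);

        pool.put(new ReuseKey("https", "example.test", 443, a), "conn-1");
        // Same endpoint and same context: the cached connection is eligible for reuse.
        System.out.println(pool.get(new ReuseKey("https", "example.test", 443, a)));
        // Same endpoint, different context (case A in the comment): no reuse.
        System.out.println(pool.get(new ReuseKey("https", "example.test", 443, b)));
        // Same endpoint over plain http (case B in the comment): no reuse.
        System.out.println(pool.get(new ReuseKey("http", "example.test", 443, null)));
    }
}
```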