RE: cactus and SSL

[Vincent Massol <vm...@pivolis.com>]

Hi Mark,

Cool. You haven't answered a question I had about the need for SSL in
Cactus. I'd like to understand why do you think Cactus has to support
SSL? What do you think about the arguments I gave?

Thanks
-Vincent

-----Original Message-----
From: Mark W. Webb [mailto:markwebb@adelphia.net] 
Sent: 03 September 2003 04:16
To: Vincent Massol
Cc: 'Cactus Developers List'
Subject: Re: cactus and SSL

First of all, I am in need of some SSL servlet unit testing software.  I
have done extensive work with Java and SSL, so I think that I am capable
of handling this.  
I am not saying that this will be done tomorrow, or next week, but I
think that as the world attempts to become a more secure place, SSL will
become more prevalent. 
With that said I will welcome any help that people can give me, and I
will start looking at what is required to make this happen.  I will not
commit anything to the CVS baseline, as I do not have any account
anyhow.  I will just make updates to my own baseline, probably in a
separate directory and integrate the changes once I have something
working.

Thank you and I look forward to hearing from you.
Mark Webb   

Vincent Massol wrote:

Hi Mark,

I'm reading your email only now... If I had read it earlier I would have
jumped on the opportunity to get some help! Sorry about that. I hope
it's not too late and that you're still game to help us :-)

WRT SSL there have been a few talks about it in the past but nothing has
been implemented (search for SSL on the mail archives).

Are you in need yourself of some SSL support in Cactus?

As we are using Commons-httpclient which supports SSL, the idea would be
simply to modify our code so that when the context URL contains https,
all our server calls use the SSL config from httpclient. 

We would also need to change several of our build scripts as supporting
SSL requires adding some external libraries I believe (jsse, etc).
Testing it would also be a bit difficult as we would need to potentially
add a new sample application and some new container configuration. This
means also getting some server certificates.

All in all, I'm personally not sure it's worth the trouble as I can't
think of a scenario where the code under test would need to be modified
due to the fact that the container is running with SSL or not. As Cactus
is a unit test fwk (and not a functional testing fwk), I'm not sure it
makes sense to support SSL.

That said, if something is willing to fully implement it *AND* support
it (i.e. answer questions, fix bugs, implement feature requests around
SSL), then I would see no issue. But I don't want to be bothered getting
some half finished code where I would need to do 90% of the work (i.e
the integration in the build and make sure it works end to end).

No, if I haven't discouraged you, please go ahead. However, if you're
not in a specific need of SSL and you would just like to contribute,
there are several other subjects for which we need help:

- Eclipse plugin help
- more container support. For example, Resin 3.x, JBoss 4.x, WebSphere,
etc
- EJB redirectors: for RMI/IIOP and for JMS.
- add better support for EARs in Ant integration
- add an EJB sample application as part of the build
- add support for Servlet 2.4/JSP 2.0
- find out why some tests take 30 seconds to run!
- + more generally all the todos tasks listed on
http://jakarta.apache.org/cactus/participating/todo.html

Thanks!
-Vincent

  
-----Original Message-----
From: Mark W. Webb [mailto:markwebb@adelphia.net]
Sent: 22 August 2003 12:57
To: cactus-dev@jakarta.apache.org
Subject: cactus and SSL

I am interested in helping out with the cactus project and was
    
wondering
  
if there are any plans to support SSL.  I have read through some of
    
the
  
docs, and have not found any referenced to SSL.

please let me know if this is something that you might want to have in
cactus.

Thank you.



---------------------------------------------------------------------
To unsubscribe, e-mail: cactus-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: cactus-dev-help@jakarta.apache.org